...
Organization will manage all users and passwords internally and is responsible for onboarding and offboarding users.
Organization will define and manage security settings such as:
2-Factor or Multi-factor authentication (2FA/MFA)
Organization-level audit logging
Password complexity, expiration and aging
Login restrictions (IP address, time-based, location-based)
If the Organization's user store (AD or IdP broker service) is not accessible, federated users will not be able to log in to Tidepool, since Tidepool holds no credentials for them and cannot authenticate them locally.
Organization domain and login patterns or metadata will be verified programmatically in Keycloak and applied based on policy.
Requirements
Tidepool requires a valid email address for each user to support the Clinic Admin authorization process.
Tidepool Keycloak supports only SP-initiated logins at this time: the login must start at Tidepool, which then redirects the user to the Organization's IdP. IdP-initiated logins (starting from the IdP's own portal or app launcher) are not supported.
A SAML 2.0 or OpenID Connect compatible IdP.
A domain (e.g. an email domain) or other pattern that can be used to programmatically match logins and route them to the Organization's IdP.
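The domain-matching requirement above is easiest to see in code. The following is an added illustration, not Tidepool's or Keycloak's own implementation: it assumes a small policy table mapping registered email domains (exact, or wildcard for subdomains) to hypothetical IdP aliases, normalizes the typed login, and decides whether to route it to a federated IdP or fall back to local login. The domains and aliases are constructed sample data.

```python
"""Match a login to an Organization's IdP by email domain.

Added example; not Tidepool's or Keycloak's code. The policy table, the
wildcard convention and the IdP aliases are assumptions for illustration.
"""
import re
from typing import Dict, Optional

# Constructed sample policy. A bare domain matches only itself; a "*." entry
# matches any true subdomain (never the bare domain), so every rule is explicit.
ORG_DOMAIN_POLICY: Dict[str, str] = {
    "example-health.org": "example-health-saml",
    "*.example-health.org": "example-health-saml",
    "clinic-b.example": "clinic-b-oidc",
}

# Exactly one '@', a non-empty local part, and a dotted ASCII hostname.
# Non-ASCII (IDN) domains are rejected; they would need punycode encoding
# before matching, so that look-alike Unicode domains cannot match a policy.
_EMAIL_RE = re.compile(r"^[^@\s]+@([a-z0-9-]+(?:\.[a-z0-9-]+)+)$")


def email_domain(login: str) -> Optional[str]:
    """Return the normalized (lowercased, trimmed) domain of a login,
    or None when the login is not a plausible email address."""
    if not isinstance(login, str):
        return None
    m = _EMAIL_RE.match(login.strip().lower())
    if not m:
        return None
    domain = m.group(1)
    # Hostname labels may not start or end with a hyphen.
    if any(label.startswith("-") or label.endswith("-") for label in domain.split(".")):
        return None
    return domain


def match_idp(login: str, policy: Dict[str, str] = ORG_DOMAIN_POLICY) -> Optional[str]:
    """Return the IdP alias the login should be routed to, or None for local login.

    Exact-domain entries are checked first, then wildcard entries walking up
    the label chain (a.b.example.org -> *.b.example.org -> *.example.org).
    The public suffix itself (*.org) is never tried, so a wildcard cannot be
    written that swallows every domain under a TLD.
    """
    domain = email_domain(login)
    if domain is None:
        return None
    if domain in policy:
        return policy[domain]
    labels = domain.split(".")
    for i in range(1, len(labels) - 1):
        wildcard = "*." + ".".join(labels[i:])
        if wildcard in policy:
            return policy[wildcard]
    return None


if __name__ == "__main__":
    for sample in [
        " Alice@Example-Health.org ",      # exact match after normalization
        "bob@mail.example-health.org",     # subdomain via wildcard entry
        "carol@clinic-b.example",          # second organization
        "dave@gmail.com",                  # no policy -> local login
        "eve@example-health.org.evil.com", # suffix spoof does not match
        "x@y@example-health.org",          # not a valid email
    ]:
        print(f"{sample!r:40} -> {match_idp(sample)}")
```

The match only selects which IdP to redirect to; the typed login is unauthenticated input. After the SAML assertion or OIDC ID token comes back, the email asserted by the IdP must itself be checked against the same domain policy before the account is linked or created, otherwise a user of one federated IdP could claim an address in another Organization's domain.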
Example Identity Providers supporting SAML and/or OpenID Connect
...