
azuma doa

azuma doa is a comprehensive identity and access management (IAM) solution designed for modern digital health applications. It provides robust features adapted to the needs of the health sector, such as multi-tenancy, advanced authentication methods, and a roles and permissions system. This documentation outlines its key components, authentication methods, and integration steps to help you get started.

azuma doa consists of the following important components:

  • Identity Provider: Full-service identity provider with Single-Sign-On (SSO), self-service flows and Multi-Factor-Authentication (MFA)/Two-Factor-Authentication (2FA) support.
  • Tenant Management: Integrated, configurable multi-tenancy support to implement one user account across single or multiple organizational domains with subtenants (e.g. to reflect hospital structures).
  • Advanced authentication methods: MFA with device binding enables the highest security standards for mobile authentication with a great user experience (supporting BSI TR-03161 compliance).
  • Roles & Permissions System: Integrated roles & permissions setup applied on top of the tenant management solution, including customer application roles & permissions.
  • License System: Integrated license assignment on tenant level.

Identity and tenant management

azuma doa implements a full identity provider/management system that can be easily integrated into your application. This includes:

  • Single tenants (most common scenario): Users belong to your tenant and are only available within your tenant.
  • Multi-tenant, multi-hierarchy scenarios for complex organizations (and the hospital context): Users belonging to your organization are available within all tenants and sub-tenants.

Authentication methods

azuma doa implements a variety of authentication methods including the following:

Mobile: Device Binding

Info: The device binding flow conforms to the BSI TR-03161 standard for digital health applications.

The device binding flow ensures device conformity and binding via

  • Google Play Attestation/Integrity
  • Apple App Attest

while supporting the following auth methods:

  • Username/Password
  • Email/Password
  • Health-ID

More details for device binding can be found here.

Mobile/Web: Authorization Code Flow

azuma doa fully supports the OAuth 2.0 Authorization Code Flow as well as OpenID Connect (OIDC).

More details can be found here.

API: Client Credentials flow

azuma doa fully supports the OAuth 2.0 Client Credentials Flow, which can be used for:

  • Backend-to-backend authentication and authorization (via custom scopes)
  • API authorization for the azuma doa admin API

Clients for the Client Credentials flow can be created via the azuma doa developer portal.

More details can be found here.

Need something else?

Our roadmap includes Passkeys and Biometrics among other methods. If you are missing further important methods or have custom requirements, please don't hesitate to contact us.

Getting started

To start integrating with azuma doa and get your development account, check out the Getting Started pages.

After the initial setup, please consider visiting:

TEST

PROD