Admin

Identity & access

Connect single sign-on, manage what each user can see, choose how accounts are provisioned, and set your organization's sign-in policy.

These guides are for Viewer administrators. They cover how your team signs in and what each person can see once they're in. Single sign-on lets your team reach Viewer with their existing organizational accounts, with your identity provider (IdP) as the control point for who gets in.

You will need:

  • Administrator access to Viewer
  • Administrator access to your organization's identity provider (IdP), or help from whoever manages it

Connect single sign-on

Hand your IdP two values, give Viewer your metadata, verify a real sign-in, then enable it.

Roles & permissions

The role model and permission domains — what each role can see, and how to assign and edit roles.

User provisioning

Invite-only vs. just-in-time (JIT) — how accounts are created when people sign in.

Sign-in policy

Route everyone through your IdP and turn off password sign-in (SSO-only mode).

Troubleshooting

Common sign-in symptoms, likely causes, and fixes — plus how to get help.

How these fit together

  1. Connect single sign-on so your team can reach Viewer with their organizational accounts.
  2. Assign roles so signed-in users can see the data they need — access is deny-by-default until you grant a role.
  3. Choose a provisioning mode to decide whether new people get an account automatically or only when invited.
  4. Set your sign-in policy if you want to route everyone through your IdP and turn off passwords entirely.

Generating a report

Produce a PDF medical record or release-of-information packet from a patient's archived data.

Connect single sign-on

A one-time, three-step setup to connect your identity provider to Viewer — exchange identifiers, hand over metadata, then verify and enable.

On this page

How these fit together