IWeb Administrator Guide |
Keycloak roles allow users to access multiple STC applications with one login via Single Sign-On (SSO). (See STC Application Interoperability.) Users are granted access to each application individually via access roles in the IWeb application (or ImMTrax for WIR implementations) user management area.
There are two types of roles used in Keycloak:
To assign one or more Keycloak roles to a user, see User Management Settings in the IWeb User Guide.
All users should be given the Access IWeb Keycloak application access role in order to use the password reset link on the login page. (Users must also have a valid email address in order to use this feature.) |
The following are the currently available Keycloak application access roles:
Application Access Role | Description |
Access AFIX |
Application access role required to access the STC | SMaRT AFIX application. |
Access iQ |
Application access role required to access the STC | iQ application. |
Access IWeb |
Application access role required to access the IWeb application. |
Access LMS |
Application access role required to access the STC | U Learning Management System. |
Access PHC-Hub |
Application access role required to access the PHC Hub application. |
Access VOMS |
Application access role required to access the VOMS application. |
The following are example user type roles that may be available for some of the applications. These may be dependent on individual applications and may be subject to change.
Example User Type Role | Description |
State Level Permissions |
Might be used by STC|iQ and VOMS State users. Also might be used by STC | SMaRT AFIX users to access the application, run reports for all providers, access the AFIX Online Tool, and run Master Rate comparisons. |
Organization Provider Content (Data) Security |
Might be used by STC|iQ Organization users. |
Provider Level Permissions |
Might be used by STC|iQ or VOMS Facility users. |
Provider Interface Profile Form |
Might be used by STC|iQ Organization or Facility users who only need access to their interface form in the application as part of onboarding. |
Provider Level Permissions |
Might be used by SMaRT AFIX users to access the application and run reports for their assigned provider (organization/facility). |
Access Manage Users Page |
Might be used by SMaRT AFIX users to access the Manage Users page. |
The table below displays access levels and the required and optional Keycloak roles to access the various applications. Note that the Keycloak roles should match user permissions when applicable. If IWeb and Keycloak permissions and roles do not match, the user may see a blank screen or not be able to access organizations or facilities.
Access Level | Required Keycloak Roles | Optional Keycloak Roles to Access Applications |
Facility Client |
|
|
Organization Client |
|
|
Registry Client |
|
|
If you have any questions about your access level, permissions, or Keycloak roles, contact your state's system administrator.