IWeb Administrator Guide

Keycloak Roles

Keycloak roles allow users to access multiple STC applications with one login via Single Sign-On (SSO). (See STC Application Interoperability.) Users are granted access to each application individually via access roles in the IWeb application (or ImMTrax for WIR implementations) user management area.

There are two types of roles used in Keycloak:

To assign one or more Keycloak roles to a user, see User Management Settings in the IWeb User Guide.

Note: All users should be given the Access IWeb Keycloak application access role in order to use the password reset link on the login page. (Users must also have a valid email address in order to use this feature.)

The following are the currently available Keycloak application access roles:

| Application Access Role | Description |
| --- | --- |
| Access AFIX | Application access role required to access the STC \| SMaRT AFIX application. |
| Access iQ | Application access role required to access the STC \| iQ application. |
| Access IWeb | Application access role required to access the IWeb application. |
| Access LMS | Application access role required to access the STC \| U Learning Management System. |
| Access PHC-Hub | Application access role required to access the PHC Hub application. |
| Access VOMS | Application access role required to access the VOMS application. |

The following are example user type roles that may be available for some of the applications. These may be dependent on individual applications and may be subject to change.

| Example User Type Role | Description |
| --- | --- |
| State Level Permissions | Might be used by STC \| iQ and VOMS State users. Also might be used by STC \| SMaRT AFIX users to access the application, run reports for all providers, access the AFIX Online Tool, and run Master Rate comparisons. |
| Organization Provider Content (Data) Security | Might be used by STC \| iQ Organization users. |
| Provider Level Permissions | Might be used by STC \| iQ or VOMS Facility users. |
| Provider Interface Profile Form | Might be used by STC \| iQ Organization or Facility users who only need access to their interface form in the application as part of onboarding. |
| Provider Level Permissions | Might be used by SMaRT AFIX users to access the application and run reports for their assigned provider (organization/facility). |
| Access Manage Users Page | Might be used by SMaRT AFIX users to access the Manage Users page. |

The table below displays access levels and the required and optional Keycloak roles to access the various applications. Note that the Keycloak roles should match user permissions when applicable. If IWeb and Keycloak permissions and roles do not match, the user may see a blank screen or not be able to access organizations or facilities.

Access Level Required Keycloak Roles Optional Keycloak Roles to Access Applications

Facility Client

  • Provider Level Permissions
  • Access IWeb
  • Access AFIX (for SMaRT AFIX)
  • Access iQ
  • Access PHC Hub
  • Access VOMS
  • Provider Interface Profile Form

Organization Client

  • Organization Provider Content (data) Security
  • Access IWeb
  • Access AFIX (for SMaRT AFIX)
  • Access iQ
  • Access PHC Hub
  • Access VOMS
  • Provider Interface Profile Form

Registry Client

  • State Level Permissions
  • Access IWeb
  • Access AFIX (for SMaRT AFIX)
  • Access iQ
  • Access PHC Hub
  • Access VOMS
  • Provider Interface Profile Form
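
The mismatch between access level and Keycloak roles described above can be checked in bulk before users report blank screens. The following Python audit is an added example, not STC code: the record fields (`name`, `email`, `access_level`, `keycloak_roles`) are hypothetical, and pairing each access level with the user type role listed first for it on this page is an assumption to adjust for your deployment.

```python
# Added example: audit exported user records for Keycloak role mismatches.
# Assumption: each access level pairs with the user type role listed first
# for it on this page; edit EXPECTED_TYPE_ROLE to match your deployment.
EXPECTED_TYPE_ROLE = {
    "Facility Client": "Provider Level Permissions",
    "Organization Client": "Organization Provider Content (Data) Security",
    "Registry Client": "State Level Permissions",
}
BASE_ROLE = "Access IWeb"  # needed for the login-page password reset link


def audit_user(user):
    """Return a list of findings for one user record (empty list = consistent)."""
    findings = []
    roles = set(user["keycloak_roles"])
    level = user["access_level"]
    if BASE_ROLE not in roles:
        findings.append(f"missing '{BASE_ROLE}'")
    if not user.get("email"):
        findings.append("no email address: password reset link will not work")
    expected = EXPECTED_TYPE_ROLE.get(level)
    if expected is None:
        findings.append(f"unknown access level '{level}'")
        return findings
    if expected not in roles:
        findings.append(f"missing '{expected}' for {level}")
    # A user type role that belongs to a different access level is a mismatch,
    # and a least-privilege concern when it grants a broader scope.
    for other in sorted(set(EXPECTED_TYPE_ROLE.values()) - {expected}):
        if other in roles:
            findings.append(f"'{other}' does not match {level}")
    return findings


# Constructed sample records (not real users).
USERS = [
    {"name": "alice", "email": "alice@example.org", "access_level": "Facility Client",
     "keycloak_roles": ["Access IWeb", "Access iQ", "Provider Level Permissions"]},
    {"name": "bob", "email": "", "access_level": "Organization Client",
     "keycloak_roles": ["Access iQ", "State Level Permissions"]},
]


def audit_all(users):
    """Map user name -> findings, keeping only users with at least one finding."""
    return {u["name"]: f for u in users if (f := audit_user(u))}


if __name__ == "__main__":
    for name, findings in audit_all(USERS).items():
        print(name, "->", "; ".join(findings))
```

Role names are compared as exact strings, so export them with the same spelling and capitalization used in `EXPECTED_TYPE_ROLE`.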

If you have any questions about your access level, permissions, or Keycloak roles, contact your state's system administrator.
