Implement login for patients from different projec...
# support
t
Hello. I'm trying to implement a custom practitioner portal, where any practitioner could log in from there and see the resources of their projects (app.medplum.com currently works in this way). What would be the recommended flow? On the other hand, we have a react native application for patients and we have a similar case. Patients from different projects should be able to log in from the same application. I'm not sure if creating a client with super admin access would be useful to implement something like this, possibly not (besides some security issues). Do you have any recommendations, examples or documentation that could be useful? Thank you very much in advance.
p
Hi @tinho_14, as far as I know, I think you can create a Project from super admin with the required access policies, and within that you can create clients. You can use these client credentials inside the web and mobile app with defined policies. Also add patients/practitioners within this project with granular access policies. Hope it helps.
t
Hello @pravinu, thanks for your response. I think I've solved the authentication for the web portal for practitioners. However, I still have issues in the mobile app. I was testing the OAuth2 flow but the clients that I create in the super admin project only see patients within the scope of the project, for any other patient it returns "user not found".
@rahul1 could you please help me? I'm not sure what approach I should follow. I guess I could use auth0 and implement SSO so that patients from different projects can log in. Is there a way to make patients server-scoped and be able to use the login in a similar way to practitioners? Sorry for the inconvenience but I'm stuck here and I need clarifications before continuing with the development. thanks in advance!
r
Hi @tinho_14, the best reference I can point you to is our SignInForm react component: https://github.com/medplum/medplum/blob/main/packages/react/src/auth/SignInForm.tsx. Specifically here, we show a "ChooseProfileForm" when a Login results in multiple ProjectMemberships: https://github.com/medplum/medplum/blob/main/packages/react/src/auth/SignInForm.tsx#L131-L132
I strongly recommend creating any SuperAdmin clients for this workflow
For patients, the server does automatically create Patient Users as project-scoped, as that is the typical use case. A super admin can manually change this by removing the User.project field, but this is not recommended. What is the use case for having patients in multiple projects?
t
@rahul1 In our business, we can have several practices (one per project), where each one has a set of users/practitioners and its own resources. Practitioners can manage medications/medicationRequests and observations from the web portal, on the other hand, patients can view their medications, prescriptions, track, etc. from a react native mobile app. Since the mobile application is the same for all patients, even when they are from different projects, we cannot have a single client id for all of them. I understand that by default patients are project-scoped and, although this restriction makes sense, it's not helpful in our use case.
r
@tinho_14 given the desire to share patients across projects, as well as your previous question regarding global resources, it seems like Projects are not the best way to model the isolation between your clinics. This might better be accomplished via access policies
t
@rahul1 We would like to replace our backend with medplum. In our first version the medications were global, however we have no problems adapting this to the medplum model (at this point we will go with that approach). We don't need to share patients between projects, just find a simple and secure way to be able to log in for patients, without having to specify a client id in our mobile app.
r
(forgot to include this in my previous message) The "Healthcare Partnerships" access policy example here: https://www.medplum.com/docs/access/access-policies#example-access-policies is probably the best example of separating patients by Organization
> just find a simple and secure way to be able to log in for patients

For this, does the username / password flow suffice?
t
@rahul1 yes, totally. The application will have the classic login form with username and password. That would be enough.
@rahul1 Thank you for your help and your quick response, let me know if you have any ideas on how to implement this scenario. I'd like to know if you have any type of paid personalized support.
r
@tinho_14 my best advice would be to study the implementation of the "AuthenticationForm". While this component has a bit more complexity than you need, the key call it makes is the startLogin call: https://github.com/medplum/medplum/blob/main/packages/react/src/auth/AuthenticationForm.tsx#L142-L151
This is the simple un/pw authentication flow for Medplum
And yes, we do offer paid support! In our enterprise plan, we offer a shared slack channel as well as training workshops https://www.medplum.com/pricing
t
@rahul1 thanks, I'll take a look