Skip to main content

Using External IDs

By default, Medplum uses email address as a unique identifier for a user. When using External Identity Providers, you may instead want to use the external ID rather than email. This document describes the additional changes to use external ID.

Configure client

Navigate to "Project Admin" and then "Clients".

Find your Client Application.

Set ClientApplication.identityProvider.useSubject to true

Invite user

Prepare JSON payload:

{
"resourceType": "Patient",
"firstName": "Homer",
"lastName": "Simpson",
"externalId": "MY_EXTERNAL_ID"
}
tip

Auth0 can optionally prefix subject with the identity provider, such as "google-oauth2|110925489055200000000". Only use the portion after the "|" such as "110925489055200000000".

Then POST to the /invite endpoint:

curl 'https://${baseUrl}/admin/projects/${projectId}/invite' \
-H 'Authorization: Bearer ${accessToken}' \
-H 'Content-Type: application/json' \
--data-raw '{"resourceType":"Patient","firstName":"Homer","lastName":"Simpson","externalId":"110925489055200000000"}'

Login example

You can then use the external auth provider as described in External Identity Providers

This will also work with the example repo:

https://github.com/medplum/medplum-client-external-idp-demo