External IdP

Medplum access, routed through Keycloak.

Enter your email once to discover the correct identity provider and continue the external login flow. We keep tokens server-side and use FastAPI to complete the Medplum exchange.

Domain-aware

Routes by email domain to the external IdP.

Session-backed

Secure server session for Medplum tokens.

SMART ready

Launch context preserved for encounter + scopes.

FHIR-first

Patient data fetched from Medplum FHIR APIs.

Sign in

Continue with your email

Your email domain is used to auto-detect your role and SMART scopes. Override only if needed.

Troubleshooting
  • Redis not available — Restart Redis (docker restart fastapi-redis), then restart the API.
  • Tenant not found — Verify MEDPLUM_TENANT_ID in .env.local matches a seeded tenant.
  • redirect_uri rejected — Add your app origin to the tenant's allowed redirect URIs.
  • Callback failed — Check FastAPI logs at logs/api.log for upstream Medplum or Keycloak errors.
  • Cannot reach API — Ensure FastAPI is running (manage_services.sh start api) and FASTAPI_BASE_URL is correct.