Setup member opt-out process with IdP

1upHealth leverages industry standard technology to integrate with your Identity Provider (IdP) so members can opt-out of CMS-0057-F Provider Access without creating a 1up account.

Information that the customer provides

The following information must be sent to your 1upHealth Customer Success Coordinator via email.

  • Do you support OIDC or SAML?

    • If you support SAML, please share the metadata XML file as an attachment.

    • If you support OIDC, please provide the well-known (discovery) endpoint URL.

Information that 1up provides

1up provides the realm-name value and the appropriate URLs according to your type of integration for both production and UAT environments.

SAML integrations

  • Entity ID:

    • Production: https://gateway.1up.health/auth/realms/{realm-name}

    • UAT: https://gateway.1upcoreuat.com/auth/realms/{realm-name}

  • Assertion Customer Service (ACS) URL:

    • Production: https://gateway.1up.health/auth/realms/{realm-name}/broker/saml/endpoint

    • UAT: https://gateway.1upcoreuat.com/auth/realms/{realm-name}/broker/saml/endpoint

OIDC integrations

  • Redirect URIs

    • Production: https://gateway.1up.health/auth/realms/{realm-name}/broker/oidc/endpoint

    • UAT:   https://gateway.1upcoreuat.com/auth/realms/{realm-name}/broker/oidc/endpoint

Configuration process for customer

Once the customer has provided information about their IdP (outlined above) and 1up has provided the required information (outlined above), then the customer's IT staff can proceed with configuration.

  1. Configure IdP application using the values provided by 1upHealth. Depending on your setup, the URL may need to be whitelisted.

  2. Complete attribute mappings:

    • memberId: The unique member identifier used when loading data to the 1up platform.

    • emailAddress (if available)

  3. Create a test user IdP login with the memberId value of 123456789.

    If you cannot create a test user with the memberId value of 123456789, please provide an existing test user's memberId and login information to 1upHealth.

  4. Complete the member opt-in / opt-out process using the test user in the User Acceptance Testing (UAT) environment.

  5. Confirm successful integration in UAT with 1up.

  6. Promote configurations to production environments.