Skip to main content

Authentication FAQ

What do I do if I lost my password or forgot my password?

Click the Forgot your password? link on the PHC login screen to receive an email with a passcode that will let you reset your password. You can also use the Sign into PHC without a Password procedure.

What methods are available for authentication?

  • User credentials - username and password
  • API Key
  • Single Sign-On (SSO) (when configured)

Are external Identity Providers (IdP) supported?

Single Sign-On (SSO) providers that support SAML2 are supported. Example providers we have validated with are Okta and Shibboleth IdP.

What is user credential authentication?

A user credential is a username and password pair that allows access into the platform. Sometimes organizations configure a Single Sign-On provider (SSO) that unifies a username and password credential to allow access to many systems.

User credential authentication can be completed at the following locations:

Web Console: https://apps.us.lifeomic.com/login

LifeOmic CLI - lo auth

LifeOmic Notebook Service - The authentication token and refresh token are automatically made available when a Notebook is launched. Those are available in the environment under:

-   `PHC_REFRESH_TOKEN`
- `PHC_ACCESS_TOKEN`

When presented with a valid username and password, authentication API will respond with a JSON Web Token (JWT) for the user. The HTTP header named Authorization should be used and the value should be in the form of: Authorization=Bearer <token>

What is API key authentication?

Instead of having to do the normal authentication process of entering in user credentials (username and password), an API Key can be created instead that is unique for that user.

This API key should be secured much like username and passwords are secured.

What access control does an API key have?

An API key created by a user acts on behalf of that user and provides the same level of access within the account.

How often do API keys expire?

The expiration time when creating a new API key is required and is configurable in days. The minimum expiry is 1 day and the maximum is 365 days.

The best practice is to decide upon a cadence of API key rotation throughout the year.

Where can I use an API key?

API keys may be used in scripted environments like Linux based machines with Bash to interface with the PHC API. The HTTP header named Authorization should be used and the value should be in the form of: Authorization=Bearer <api key>

The LifeOmic CLI may be used to further enhance those scripts where the API is abstracted away. The CLI supports Linux, MacOS, and Windows environments.

The PHC SDK for Python also supports API keys for automation and makes interacting with the PHC API through a Python interface.