
LifeOmic Authentication FAQ

What methods are available for authentication?

  • User credentials - username and password
  • API Key
  • Single Sign-On (SSO) (when configured)

Are external Identity Providers (IdP) supported?

Single Sign-On (SSO) providers that support SAML2 are supported. Providers we have validated with include Okta and Shibboleth IdP.

What is user credential authentication?

A user credential is a username and password pair that allows access to the platform. Some organizations configure a Single Sign-On (SSO) provider so that one username and password credential allows access to many systems.

User credential authentication can be completed at the following locations:

  • Web Console: https://apps.us.lifeomic.com/login

  • LifeOmic CLI - lo auth

  • LifeOmic Notebook Service - The authentication token and refresh token are automatically made available when a Notebook is launched. They are available in the environment under:

    • PHC_REFRESH_TOKEN
    • PHC_ACCESS_TOKEN

When presented with a valid username and password, the authentication API responds with a JSON Web Token (JWT) for the user. Send the token in the HTTP header named Authorization, in the form: Authorization: Bearer <token>

What is API key authentication?

Instead of going through the normal authentication process of entering user credentials (username and password), a user can create an API key that is unique to that user.

This API key should be secured much like usernames and passwords are secured.

What access control does an API key have?

An API key created by a user acts on behalf of that user and provides the same level of access within the account.

How often do API keys expire?

An expiration time is required when creating a new API key and is configurable in days. The minimum expiry is 1 day and the maximum is 365 days.

Expiration is required because the best practice is to decide upon a cadence of API key rotation throughout the year.

Where can I use an API key?

API keys may be used in scripted environments, such as Linux-based machines with Bash, to interface with the PHC API. Send the key in the HTTP header named Authorization, in the form: Authorization: Bearer <api key>

The LifeOmic CLI may be used to further enhance those scripts where the API is abstracted away. The CLI supports Linux, macOS, and Windows environments.

The PHC SDK for Python also supports API keys for automation and makes it possible to interact with the PHC API through a Python interface.
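One way to use an API key from a Bash script while keeping it secured like a password, as an added example that is not LifeOmic's code. The function names, the key-file location ~/.phc_api_key, and the URL in the usage comment are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example, not LifeOmic code. Function names, the default key-file
# path and the URL in the usage comment are assumptions for illustration.

# Succeeds only if the key file is a regular file (not a symlink) with no
# group or other permission bits set, i.e. mode 600 or stricter.
key_file_is_private() {
    local file="$1" mode
    [ -f "$file" ] && [ ! -L "$file" ] || return 1
    mode=$(ls -ld -- "$file" | cut -c5-10)   # group + other permission bits
    [ "$mode" = "------" ]
}

# Prints one curl config line carrying the Authorization header.
bearer_config() {
    local file="$1" key
    key_file_is_private "$file" || {
        echo "refusing: $file must be a private regular file (chmod 600)" >&2
        return 1
    }
    key=$(cat -- "$file")   # command substitution drops the trailing newline
    # Accept only the RFC 6750 bearer-token alphabet, so a tampered key file
    # cannot smuggle quotes, newlines, extra headers or curl options.
    case "$key" in
        ''|*[!A-Za-z0-9._~+/=-]*)
            echo "refusing: key is empty or has unexpected characters" >&2
            return 1 ;;
    esac
    printf 'header = "Authorization: Bearer %s"\n' "$key"
}

# GET a URL with the key handed to curl on stdin (--config -), so the key
# never appears in the process list or in shell history.
phc_get() {
    local url="$1" file="${2:-$HOME/.phc_api_key}" cfg
    cfg=$(bearer_config "$file") || return 1   # never fall back to an unauthenticated call
    printf '%s\n' "$cfg" | curl --fail --silent --show-error --config - "$url"
}

# Usage (placeholder URL): phc_get "https://phc-api.example.invalid/resource"
```

Store the key with `chmod 600` and replace the file when the key is rotated; the script itself never needs to change.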


Last update: April 29, 2020