• F = Full permissions
• H = Hidden field
• O = Read only field
• R = Required field

• always_show_advanced_search (boolean) • force the study list advanced search to unfurl
• include_first_name_advanced_search (boolean) • add a first name field to the study list advanced search, append it with wildcard separator to the last name when posting to services
• add_study_dropdown_is_button (boolean) • the study list "Add Study" dropdown becomes a button when there is only one action
• view_study_button_action (text) • Action token to trigger when view study button is clicked
  Possible view study actions:
  • browse-study - Open with Study Viewer
  • browse-study-new-tab - Open with Study Viewer in New Tab
  • browse-study-new-window - Open with Study Viewer in New Window
  • browse-study-ambra - Open with Ambra Study Viewer
  • browse-study-ambra-new-tab - Open with Ambra Study Viewer in New Tab
  • browser-study-ambra-new-window - Open with Ambra Study Viewer in New Window
  • browse-as-related-study - Open as Related Study
  • browse-study-no-canvas - Open with Simple Viewer
  • browse-study-webgl - Open with WebGL Viewer
  • browse-key-images - View Key Images
  • browse-study-dashboard - View Study Dashboard
  • browse-study-viewer-report-split - Open Study Viewer with Reporting
• view_study_dropdown_actions (JSON) • Array of action tokens for view study dropdown
  Possible view study actions are the same as above setting
• default_date_format (string) • Date format to be used for patient portal
• view_study_namespace_filter_types (array) • Show selected types of namespaces in the study list namespace dropdown. If none are selected, all types will show
  Possible options:
  • account_id
  • location_id
  • group_id
  • user_id
• view_study_namespace_filter_types_role_id (string) • Study list namespace filter role. Namespace type filter applies for users with this role.
• mwl_search_filters (array) • Specifies MWL Search dropdown filter options. If none are selected, all filters will show.
  Possible filter options:
  • mwl_search_filter_patient-name
  • mwl_search_filter_patient-sex
  • mwl_search_filter_dob
  • mwl_search_filter_mrn
  • mwl_search_filter_accession-number
  • mwl_search_filter_order-number
  • mwl_search_filter_order-date
• mwl_must_match_fields (array) • MWL must match fields. User will see a confirmation modal if they're not match.
  Possible options:
  • patient_name
  • patient_sex
  • patient_birth_date
  • patientid
  • accession_number
  • study_description
  • modality
  • referring_physician
• study_edit_reason_per_field (boolean) • display one reason field for each edited study field
• study_oru_report_limit (number) • Only show that number of latest ORU in the Study Reports dropdown. Zero value is for no limit
• enable_patient_search_in_order_create_form (boolean) • Enable patient search in order create form
• enable_first_last_in_order_create_form (boolean) • Enable first/last names in order create form
• enable-order-physicians-predefined-values (boolean) • Enable order physicians predefined values
• order_referring_physicians (array) • list of predefined values for quick order creation
• enable-order-descriptions-predefined-values (boolean) • Enable order descriptions predefined values
• order_descriptions (array) • list of predefined description for quick order creation
• enable-order-accnum-generation (boolean) • Automatically generate orders accession numbers. You also need to configure a special dictionary.
• order-default-aetitle (string) • Orders default AE title
• orders_req_fields (array) • Orders additional required fields. If nothing selected only standart fields are required: Patient Name, Patient ID, AETitle, Modality
  Possible options:
  • accession_number
  • patient_sex
  • patient_birth_date
  • referring_physician
  • requested_procedure_description
  • scheduled_procedure_step_start_date
  • scheduled_procedure_step_start_time
• enable-study-reject-predefined-messages (boolean) • Enable study reject predefined messages
• study_reject_messages (array) • list of predefined messages you can choose rejecting study in activities
• is_utility_account (boolean) • Makes account as utility. Even if user has no permissions UI elements will be visible but disabled
• utility_elements_blacklist (array) • ability to disable any UI element in the utility account (ex. upload buttons, tabs, etc)
• advanced_search (array) • list of fields visible in advanced search. All fields will show if list is empty
  Possible options:
  • patient_name
  • patient_sex
  • patientid
  • patient_birth_date
  • accession_number
  • study_description
  • referring_physician
  • study_status
  • study_push_status
  • study_push_status.destination_uuid
  • date_range
  • created_range
  • star
  • thin
  • modality
  • study_uid
  • uuid
  • tags
  • customfield-UUID you can specify any custom field
• internal_notes (string) • any notes administrator can write and save
• study_list_send_messages (boolean) • enable sending messages from study list
• activity_list_send_messages (boolean) • enable sending messages from activity list
• study_messages_to_users (boolean) • Ability to select a user when sending message from the worklist or activities
• enable_gateway_queue_status (boolean) • Show/hide gateway status
• show_user_analytics (boolean) • Show "User Analytics" sub tab in Analytics section
• query_retrieve_form_fields (array) • Query retrieve form fields. All fields will show if nothing is selected
  Possible options:
  • patient_name
  • patient_sex
  • patientid
  • patient_dob
  • study_uid
  • accession_number
  • referring_physician
  • modality
  • start_datetime
  • end_datetime
  • create_study
  • create_thin
• user_setting_default-user_list_sort_study_list (string) • study list initial sort
  Possible options:
  • study_date-asc,study_time-asc
  • study_date-desc,study_time-desc
• limit_gateway_status_queues (array) • Gateway Status Queues
  Possible options:
  • BURN
  • DOWNLOAD
  • DOWNLOADTRANSCODE
  • HL7CLIENT
  • HL7UPLOAD
  • MOVE
  • QUERYCLIENT
  • RETRIEVECLIENT
  • STORAGECOMMIT
  • UPLOAD
  • UPLOADTRANSCODE
• remove-send-status-icon-after-days (number) • Remove Send Status icon after this amount of days. Send status icon is displayed forever if nothing specified
• activities-default-sub-tab (string) • Activities default sub tab
  Possible options:
  • STUDY_APPROVE
  • DESTINATION_SEARCH
  • USER_INVITE
  • JOIN_REQUEST
  • STUDY_REQUEST
  • NODE_CONNECT
• enable-patient-mrn-generation (boolean) • Automatically generate patient MRN numbers. You also need to configure speciial dictionary for this feature
• worklist_reset_search_login (boolean) • Start user session with empty search criteria
• separate_non_dicom_upload_form (boolean) • Separate DICOM and Non-DICOM upload forms
• study_oru_report_limit (boolean) • Only show most recent ORU in reports popup
• enable_orders_link (boolean) • Enable finding orders in the study list
• uncheck_send_notification_by_default (boolean) • Uncheck "Send a notification email to user's email address" checkbox by default
• patient_default_event_share (boolean) • Use Event Share = 1 by default when creating Patient via UI
• show_study_actions_in_user_audit_trail (boolean) • Show study actions in User's audit trail
• show_last_login_date_in_user_list (boolean) • Show date of last login in the user list
• show_under_approval_reason (boolean) • Show why the study is under approval
• study_custom_field_customization (array of objects) • Study Custom Field color customization
  Possible object fields:
  • uuid (string) • uuid of the custom field
  • color (string) • css color attribute value
  • forms (array) • array of forms that field customization applied to ("share_form", "upload_form", "edit_form", "study_list")
  • field-parts (array) • array of field parts to be painted ("label", "value", "border", "input-value")
• require_guest_link_password (boolean) • Require password for a Guest study link
• enable_study_list_context_menu (boolean) • Show study List Context Menu
• study_list_context_menu (array) • List of items
  Possible options:
  • images
  • retrieve
  • edit
  • download
  • download_iso
  • download_viewer
  • export_csv
  • study_link
  • study_audit
  • reports
  • send
  • share
  • remove_share
  • change_study_stage
  • split
  • delete
• request_study_customfields (array of uuid) • Request Study custom fields (e.g. ["e54f5da0-5287-4688-9783-11de90099b23"])
• worklist_phi_fields_customization (array of objects) • PHI fields customization
  For example:

  [{"field":"PatientName","type":"primary"}]
                              

  Possible field values:
  • PatientName
  • StudyDescription
  • PatientSex
  • PatientBitrhDate
  • PatientId
  • Modality
  • AccessionNumber
  • ReferringPhysician
  Possible type values:
  • primary
  • secondary
• case_days_old_colors (array of objects) • Case Days Old Color
  For example:

  [{ "days": 10, "color": "white", "background": "black" }]
                              

  Possible colors:
  • white
  • silver
  • gray
  • black
  • red
  • maroon
  • yellow
  • olive
  • lime
  • green
  • aqua
  • teal
  • blue
  • navy
  • fuchsia
  • purple
• enable_epic_find_order (boolean) • Enable separate FHIR patient lookup button in activities
• fhir_search_filters (array) • Configure FHIR lookup search by fields. All fields available if nothing selected
  Possible options:
  • accession_number
  • patientid
  • patient_name
• split_save_approve_activity (boolean) • Split Save and Approve button into two buttons in activities
• hide_site_information (boolean) • Hide "Site Information" button in the location/group list
• study_browse_reason_to_view (boolean) • Enable request of study view reason before image browse
• move_to_after_approval (boolean) • ability to move study to another namespace after approval. 'study_move' permission required.
• move_to_before_approval (boolean) • ability to move study activity to another namespace. 'study_move' permission required.

• hl7_field • The field that contains the matching accession number e.g.OBR_5_2
• namespaces • A list of uuid of the the namespaces to search for studies in

{
  "first":[{ # simple next
       "condition":"1", # or {} == true
       "values":["second"]
  }],
  "second":[
      { # some condition to match
        "condition":{"-and":[
           {"-eq":[{"-field":"must_appprove"},"1"]},
           {"-eq":[{"-field":"modality"},"MG"]}
        ]},
        "values":["third"]
      },
      { # some http-request parameter value
        "condition":{"-eq":[{"-param":"some_param"},"13"]},
        "values":["third","fourth"],
      },
      { # user_account.role.name check with sql-like matching
        "condition":{"-ilike":[{"-role":"name"},"some_rol%"]},
        "values":["fifth"],
      },
      { # user_account.role.uuid check
        "condition":{"-eq":[{"-role":"id"},"cf443e65-0115-42a3-87e9-6ee2c569da86"]},
        "values":["fourth"],
      },
      { # match by customfield
        "condition":{"-eq":[{"-field":"customfield-cf443e65-0115-42a3-87e9-6ee2c569da86"},"42"]},
        "values":["first"],
      },
      { # else
        "condition":{}, # same as 1 == true
        "values":["third","fourth"]
      }
  ],
  "third":[
      { # condition
        "condition":{"-eq":[{"-field":"modality"},"MR"]},
        "values":["fourth"]
      },
      { # unmatched like slashed specsymbols against 'third'
        "condition":{"-ilike":[{"-field":"study_status"},"t\_i\%d"]},
         "values":["third"],
      },
      { # case-sensitive check fails
        "condition":{"-like":[{"-field":"study_status"},"_H%d"]},
        "values":["third"],
      },
      {   # ok, with case-insensitive check against 'third'
        "condition":{"-ilike":[{"-field":"study_status"},"_H%d"]},
        "values":["first"],
      },
      # if not matched anything before, then cant change status
  ]
};

• If study_status_tags_ignore_rules_on_set is NOT set, then /study/status/set returns error=INVALID_TAG if new status is not in this values list
• /study/get returns intersection of study_status_tags and this values list
• /study/status/get returns intersection of study_status_tags and this values list

• KEY • The list of fields to use for appointment identification. By default user_id, start_time and end_time are used (optional)
• EVENTS • The list of SIU events to handle. Supported events are S12 through S17. S12 handler is enabled by default when there is no EVENTS key in the setting (optional)

• last • location of the last name in the HL7 message e.g. STF_3_1
• first • location of the first name in the HL7 message e.g. STF_3_2
• email • location of the email address in the HL7 message e.g. STF_10_8
• npi • location of the NPI in the HL7 message e.g. PRA_6_1
• npi_to_alias • flag indicating that the NPI should be mapped to the account_alias field
• append_npi_to_last • flag indicating that the NPI should be appended with a ^ to the users last name
• role_id • UUID of the role to add the users to the account as

• create_patient - flag to create a patient record
• search_for_thins - A JSON array of the destination uuid(s) to search using the create_thin and copy_to the users namespace parameters
• search_for_studies - A JSON array of the destination uuid(s) to search using the create_study and copy_to the users namespace parameters
• accession_number - Specify the name of the assertion attribute to add the accession number to the study search
• blocked_emails - A JSON array of email addresses to block from this workflow. Use this to block system assigned dummy email addresses that would result in multiple patients accessing others patients PHI
• source_namespace - The uuid of the namespace to share the studies from if the user is not a patient. If the user is a patient the entire account is searched for studies.
• skip_patient_search - Flag to force the use of the source_namespace if the user is a patient.
• force_reshare - Flag to force a reshare of the studies. This is useful for picking up changed study information.

• athena_client_id • The Athena client id
• athena_site • The Athena instance to contact either 'prod' or 'preview'
• athena_mwl_modality • The modality type the MWL order will be created for
• athena_mwl_ae_title • The ae title of the modality the MWL order will be created for
• athena_mwl_lookup • An optional field that contains a JSON list of hashes that can override the modality and ae_title values. The hash(es) have the following keys. The list is processed in order and the first match is applied to the order. e.g. '[{"ae_title":"abc","regexp":"/chest/","modality":"CT"}]'
  • regexp • A regular expression to match against the requested procedure description returned from Athena
  • modality • The modality for the MWL order
  • ae_title • The ae_title for the MWL order
• Optionally the Athena orders will be turned into hl7 messages rather than orders if the following three account named customfields are populated with values
  • athena_hl7_template • A field that contains a Text::Template that will be run against the retrieved order and the resultant hl7 sent to /hl7/add
  • athena_hl7_node_uuid • A field that contains the uuid of the node that will be used for the /hl7/add call
  • athena_hl7_node_serial_no • A field that contains the serial_no of the node that will be used for the /hl7/add call

• A delay specified directly as a scalar value
• A JSON object with delays by modality. Object fields are modalities or a special value ALL for default. Values are delays.
• A delay table. It is a JSON list of conditional delays (JSON objects) with two fields: delay specifies a delay, condition is a condition in format used by customfield's show_when field. Possible condition's parameter types are 'field' and 'customfield'. Conditions are checked sequentially, first match gives the delay.

• report_type • SR - for structured reports, attachment (by default) - for pdf attachments, requires the field key additionally (SR|attachment)
• field • Hl7 field/subfield to extract for the attachment report type. E.g. OBX-12_5_5

• transform • A transform condition expression (see /transform/add for format) to match against the HL7 SIU messages. If the message matches the workflow is triggered.
• mrn • The HL7 field that holds the MRN(s) to push studies for e.g. PID_4
• procedure_date • The HL7 field that holds the scheduled procedure date and time e.g. SCH_11_4
• minutes_before • The number of minute before the procedure date the siu_push workflow should be run
• destination_field • The HL7 field that holds the destination value e.g. PV1_3_1
• destination_map • A JSON hash that maps the value from the destination_field to a destination UUID e.g. {"ABC": "DESTINATION_UUID"}
• cancel_field • The HL7 field that holds the value to link a S15 cancel message with the S12 appointment message e.g. SCH_2
• destination_options • A JSON hash that defines options per destination. The keys are destination UUIDs, values are JSON objects with the following keys:
  • number_of_studies • The maximum number of studies to push, 10 by default.
  • start_datetime • The DICOM date or datetime to limit the studies list by study date. Substitution tokens are supported. Account time zone is considered.
  • end_datetime • The DICOM date or datetime to limit the studies list by study date. Substitution tokens are supported. Account time zone is considered.
  • namespaces • A comma separated list of namespace UUIDs to push studies from. Only a destination's namespace is considered by default. Studies from namespaces other than the destination's one are shared to the destination's namespace prior to push.

• transform • A transform condition expression (see /transform/add for format) to match against the HL7 ORM or SIU messages. If the message matches a query retrieve is triggered against the destinations
• mrn • The HL7 field that holds the MRN(s) to query on e.g. PID_4
• destination • A JSON list of the destination uuid(s) to query for studies
• match • A JSON hash of the study fields and HL7 fields that must match in addition to the MRN e.g. {"patient_birth_date":"PID_7"}
• fields • A JSON hash of the study fields and HL7 fields to update the matched study with e.g. {"patientid":"PID_3"}
• webhook_match • The uuid of the webhook to call if the study and ORM match. The type of the webhook needs to be 'MANUAL'.
• webhook_no_match • The uuid of the webhook to call if the study and ORM do not match. The type of the webhook needs to be 'MANUAL'.
• only_once • Set this flag to 1 if you want this run only on the first order
• start_datetime • DICOM start date time stamp to bound the search (optional)
• end_datetime • DICOM end date time stamp to bound the search (optional)
• squelch • The number of minutes to squelch repeated queries for the patient and destination. (optional)
• delay • The number of seconds to delay the fetch for. (optional)
• siu • A JSON hash if appointment SIU messages should be included in the workflow. The following keys and values are supported:
  • procedure_date • The HL7 field that holds the scheduled procedure date and time e.g. SCH_11_4
  • minutes_before • The number of minute before the procedure date the query retrieve workflow should be run
  • cancel_field • The HL7 field that holds the value to link a S15 cancel message with the S12 appointment message e.g. SCH_2

• transform • A transform condition expression (see /transform/add for format) to match against the HL7 ORU messages. If the message matches a query retrieve is triggered against the destinations
• search • A JSON hash of the /destination/search fields and associated HL7 field to get the search data from e.g. {"accession_number":"OBR_3","patient_birth_date":"PID_7","patient_sex":"PID_8"}
• destination • A JSON list of the destination uuid(s) to query for studies
• fields • A JSON hash of the study fields and HL7 fields to update the retrieved study(s) with e.g. {"patientid":"PID_3"}
• max • The maximum number of studies to retrieve. If the search returns more than the max the retrieve is not run. This defaults to 1.
• rerun • Flag to re-run the search and retrieve even if a study is already associated with the message

• transform • A transform condition expression (see /transform/add for format) to match against the HL7 message. If the message matches the date is extracted from the HL7 message and the route is delayed.
• procedure_date • The HL7 field that holds the procedure date and time e.g. OBR_7
• minutes_before • The number of minute before the procedure date the route should be run

• tag • The external viewer tag
• type • The type of external viewer (resmd|eunity|iconnect|traumacad)
• key • The api key for resmd or the CLO Access Key ID for eunity or the encryption key for iconnect
• url • The root url for resmd or the base eunity, iconnect or traumacad server url
• secret • The shared secret for resmd or the CLO Secret Key for eunity
• encrypt_id • The encryption id for resmd
• serviceInstanceParameter • Optional value for eunity (defaults to DG_HARVESTER)
• userID • userID value for iconnect
• domain • domain for iconnect (defaults to AMBRA)
• role • role for iconnect (defaults to EMRUSERS)
• priors • Flag to include priors in eunity (same patientid, patient_birth_date and phi_namespace)
• most_recent_prior • Flag to include the most recent prior in eunity
• other_params • A JSON array of other parameters to add to the URL

• user • The EPIC user name to use for basic auth against the Epic FHIR API (not needed for the OAuth integration)
• password • The basic auth password, this will be encrypted for storage and future viewing (not needed for the OAuth integration)
• epic_client_id • The EPIC client id
• url • The root EPIC url to call. api/FHIR/DSTU2/Patient will be appended to it
• version • Optional version number to be used after DSTU (defaults to 2)
• full_url • Optional full URL for the Epic endpoint if is not in the standard location.
• use_iss_host • Flag to substitute the host passed in the iss parameter during the OAuth cycle into the full_url
• mrn_field • The name of the identifier field that holds the MRN e.g. urn:oid:1.2.840.114350.1.13.0.1.7.5.737384.0. If the integration supports multiple Epic instances that can be a JSON array of the identifier fields to search for.
• timeout • Optional number of seconds for the timeout on the FHIR call to Epic, defaults to 5
• upload_namespace_id • UUID of the namespace to upload into. Defaults to the account namespace if not specified
• include_first_in_match • Flag to include the first name in the search. Default is last, dob and gender.
• mrn_search • Search by MRN instead of patient PHI. This field must contain a text template to create the Epic identifier value e.g. MRN|{$patientid}
• mrn_search_activity • Search by MRN in the activity list. This field must contain a text template to create the Epic identifier value e.g. MRN|{$patientid}
• skip_phi_update • Skip the lookup for patient phi to update the study, send the study to activities queue
• server_oauth_url • Full URL to the Epic endpoint to get the server to server OAuth token from e.g. https://apporchard.epic.com/interconnect-aocurprd-oauth/oauth2/token
• server_oauth_private_key • The private key to encrypt the JWT token for server OAuth. The public key is registered with Epic. Each setup requires a unique key setup and the the keys can be generated as follows
  openssl genrsa -out privatekey.pem 2048
openssl req -new -x509 -key privatekey.pem -out publickey509.pem -subj '/CN=myapp'
  To convert the private key to a single line for JSON usage run the following command
  jq -sR < privatekey.pem
• create_thin_study • Flag to create a thin study for the view_study action if the study does not exist. The account setting accession_number_for_study_uid needs to be on for the study retrieval to work.
• include_priors • Flag to include priors for anonymous user links created by the view_study action
• link_user • UUID of the user to create the anonymous links with
• apply_epic_name_format • Flag to apply the epic_name_format value to the result patient names
• inbasket_setup • A JSON hash with the information needed to send inbasket messages. The keys and values are as follows:
  • url • The full URL to post the message too e.g. https://apporchard.epic.com/interconnect-aocurprd-username/api/epic/2014/Common/Utility/SENDMESSAGE/Message
  • SenderID • The value as per the Epic API documents e.g. FAMMD
  • Recipients • The value as per the Epic API documents e.g. [{"ID":"IPMD","IDType":"External","IsPool":""}]
  • MessageType • The value as per the Epic API documents
  • MessagePriority • The value as per the Epic API documents
  • message_template • A text template to apply against the study for the message. Use a pipe symbol to split the message into multiple lines e.g. A study for {$patientid} was uploaded|Date: {$study_date}|Call us for support

• upload • Trigger the Epic upload workflow
• sso_share_phr_workflow • Trigger the account sso_share_phr_workflow workflow
• view_study • Launch a viewer for the passed accession_number or study_uid and namespace_id. Additional the mrn (patID) and the accession_number needs to passed if the create_thin_study option is enabled
• view_patient • Launch a study list for the passed mrn (or patID)

• study_upload_client_id • client_id of the Cerner app created to support STUDY_UPLOAD
• view_study_list_client_id • client_id of the Cerner app created to support VIEW_STUDY_LIST
• aud • The dstu2 FHIR spec url from the Cerner app
• upload_namespace • The uuid of the namespace to upload the studies to
• link_user • UUID of the user to create the anonymous links with
• mrn_field • Name of the field that holds the MRN, defaults to urn:oid:2.16.840.1.113883.3.787.0.0
• prompt_for_anonymize • Flag to prompt if the anonymization rules should be applied (optional)
• upload_match • Same format and functionality as the epic_upload_match setting (optional)

• auth_url • The root Cerner url to call for oauth token
• data_url • The root Cerner url to call for the user data API
• key • The Cerner OAuth key
• secret • The Cerner OAuth secret, this will be encrypted for storage and future viewing

• search_namespaces • List of namespace uuid(s) to search for the MRN
• search_destinations • List of destination uuid(s) to query retrieve for the MRN if the namespace search do not find any results
• share_namespace • UUID of namespace to share the search results into
• search_status_customfield • UUID of optional Study customfield to put either "primary" or "secondary" for the search source
• secondary_search • Hash of Flag if a secondary search of namespaces and destinations by patient name and DOB should be run if the primary MRN search does not return any results
• patient_name • Specify where the patient name is located in the HL7 message, defaults to PID_5
• patient_birth_date • Specify where the birthdate is located in the HL7 message, defaults to PID_7
• other_customfields • Optional hash of customfields UUID and HL7 fields to update the study with

• tag • The query type tag
• arm • The subject arm or an arm list the tag is limited to (optional)

• tag • The query status

• elapsed_from_reply • The number of seconds passed from the last reply
• elapsed_from_status_change • The number of seconds passed from the last query status change
• elapsed_from_reminder • The number of seconds passed from the last reminder sent out for the query
• any query field • Any query field can be referred here

• do • The action to perform on condition match (remind|add_recipient)
• user_id • The user ID (or an array of user IDs) to add as a recipient to the query. Applies for the add_recipient action only (optional)

• subject • The query subject line
• body • The query body
• key • The query type tag

• warn • The number of days after which a public key is considered outdated
• expire • The number of days after which a public key is considered expired and can no longer be used to log in
• notify • A comma separated list of emails to warn about an outdated public key

1. A user can have up to 10 active sessions. Old sessions are dropped first.
2. The call must be a POST
3. If vanity is not passed but the call is from a vanity URL vanity will be populated
4. vanity/login processing rules
   • If the call has a login but no vanity the user email address is used for searching.
   • If there is a vanity the account_login is used for searching.
   • If the vanity/login search fails the login is used for a user email search
5. If the user has an account_password the password will be checked against that, if not it will be checked against the user's password
6. At login the user is assigned a session_expire value that is either the system default of 3 hours or the first specific user account session override or the lowest value of all accounts the user is a member of. If a location is passed it will override the session_expire with the value from the login_location account setting. Likewise a brand session_expire will override any other value.
7. If a validate_session succeeds a SESSION_VALIDATED event is written to the users audit log.

• The access_token should be passed as the Bearer value in the Authorization headers to access API entry points that require validation
• The call must be a POST

• The PIN expires after 10 minutes or 3 invalid attempts to validate it
• Other API calls that require a sid will return a 401 until the PIN is validated
• remember_device parameter enables "Remember this device" feature used to suppress second authentication factor (PIN) on next login. The device_id HTTP cookie will be set and the device will be remembered. Both cookie and IP address should match for PIN step to be skipped the next login. Cookie is set for 30 days. Number of trusted devices is limited to 100, the most old ones are evicted when a new device is remembered.

• The session is invalidated when invalid signature is provided
• Other API calls that require a sid will return a 401 until the session which requires a signature is validated
• The signature is calculated for a message consisting of the following parts joined by null character: user email, the current sid (binary form), the user's public key in DER form and the 'sha256' string. The signature should be calculated using the user public key's algorithm with the SHA-256 hashing algorithm.

• The call must be a POST

• The call must be a POST

• show_org_manage_link (boolean) • Show link to manage multiple organizations
• advanced_search (array) • Advanced search customization for role. See account level "advanced_search" ui_json param for possible values
• enable_v3_viewer (boolean) • If set, enables ProViewer for PHR account

• show_org_manage_link (boolean) • Show link to manage multiple organizations
• advanced_search (array) • Advanced search customization for role. See account level "advanced_search" ui_json param for possible values
• enable_v3_viewer (boolean) • If set, enables ProViewer for PHR account

1. The call must be a POST
2. If you are trying to set a user other than yourself you must have user_edit permissions in the account and the user must only be in your account.
3. You can not change the password, email or cc_token or MD5 of acceptances of another user. Any changes will be ignored.
4. Only sysadmins and support users are allowed to change allowed_login_brands. An ordinary cannot change allowed_login_brands even for himself.
5. If a time_zone is set it will take precedence over any time zone passed in filter.tz. This allows a distributed organization to ensure that everyone is looking at the same data.
6. The public key should be in RFC4716 format.

• The welcome email with a password reset link with be mailed to the user
• If the user_account record has a customfield named welcome_email_vanity the value of that field will be used as the vanity to brand the email

• An email will be sent to the user inviting them to join this account.
• The email will contain a link of the form {link}{invite_id}.
• The UI should process this link to extract the invite_id and use it on the /user/invite/accept command.
• If a role is not specified the user will be given the default role.
• The account switch add_on_invite changes the behavior so that the user is automatically added if they are a member of the system