sync: auto-sync from HOWARD-HOME at 2026-06-29 16:55:22
Author: Howard Enos Machine: HOWARD-HOME Timestamp: 2026-06-29 16:55:22
This commit is contained in:
@@ -2,6 +2,7 @@
|
||||
|
||||
## Reference
|
||||
- [ACG resource map](reference_resource_map.md) — **READ THIS FIRST** when a task references a server/service/tenant/API. What we have access to, how to connect from this machine, per-machine exceptions, gotchas. Points at the detail files below.
|
||||
- [ALIS (Medtelligent)](reference_alis_medtelligent.md) — Cascades assisted-living EHR. API host api.alisonline.com, community 622; username must be tenant-qualified (howard.enos@cascadestucson). Staff are READ-ONLY via API — create/change staff via web-UI Staff Import .xls. Use the `alis` skill.
|
||||
- [GuruRMM User Manager](reference_gururmm_user_manager.md) — GuruRMM has a built-in per-agent User Manager tab (reset_password/enable/disable/groups for local+domain+AAD endpoint users; domain users only on a DC via `is_dc`). Use it, NOT raw Set-ADAccountPassword via /rmm. Endpoints: /api/agents/{id}/users + /users/action.
|
||||
- [exchange-op = all-access Exchange tier](feedback_exchange_op_all_access.md) — STOP claiming "no tier can write mail." Exchange Operator app = Exchange Admin role + full_access_as_app + Exchange.ManageAsApp = full all-access (move mail, rules, config, EWS). Default to `exchange-op` for any Exchange write.
|
||||
- [Tedards tenant facts](reference_tedards_tenant_facts.md) — Bill Tedards law office; tenant `4fcbb1f4…`; bt@/y226@ mailboxes; matter-number filing; UAL ingestion OFF; 9 synced devices; botched-import DUPLICATE folder.
|
||||
|
||||
37
.claude/memory/reference_alis_medtelligent.md
Normal file
37
.claude/memory/reference_alis_medtelligent.md
Normal file
@@ -0,0 +1,37 @@
|
||||
---
|
||||
name: reference_alis_medtelligent
|
||||
description: ALIS (Medtelligent assisted-living EHR) API + staff-import facts for Cascades Tucson — auth quirk, read-only staff, web-UI import path. Use the `alis` skill.
|
||||
metadata:
|
||||
type: reference
|
||||
---
|
||||
|
||||
ALIS = Medtelligent's assisted-living EHR (Cascades of Tucson client). All API traffic
|
||||
goes to the shared host **`api.alisonline.com`** (the tenant URL `cascadestucson.alisonline.com`
|
||||
is just the login subdomain), scoped by the user's company + a `communityId`. **Cascades =
|
||||
communityId 622** (the only community this credential sees). Use the **`alis` skill** — don't
|
||||
hand-roll the API.
|
||||
|
||||
**Auth (verified live 2026-06-29):** `POST /user/tokens` with `{username, password}` → JWT
|
||||
(`accessToken` ~1h) + `refreshToken`; send `Authorization: Bearer <accessToken>`. The
|
||||
**username MUST be tenant-qualified**: `howard.enos@cascadestucson` works; bare `howard.enos`
|
||||
returns HTTP 400. Login creds in vault: `clients/cascades-tucson/alis-api-howard-user`
|
||||
(Howard's password was exposed in chat 2026-06-29 — flagged to rotate). Other ALIS vault
|
||||
entries: `alis-api-microsoft-basic` (BasicAuth used by Microsoft), `alis-sso-app-registration`.
|
||||
Global API security is OR(Bearer|BasicAuth|VendorKey) — a user JWT alone authorizes reads.
|
||||
|
||||
**Staff are READ-ONLY via the API** — only GET endpoints exist (`/v1/integration/staff?communityId=622`
|
||||
etc.); no create/update/delete. **To create/change staff (and their logins) you upload a
|
||||
13-column .xls in the ALIS web UI: Staff → Import.** That import sets Login Enabled + Password,
|
||||
so it's also how staff logins are provisioned. The `alis` skill builds that workbook from a
|
||||
CSV/JSON and infers each new hire's Security Roles from how existing staff of the same Job Role
|
||||
are set up (job-role → security-role map learned from live data; 23 real security roles, Job
|
||||
Role is free text). The API *does* allow writes for residents/prospects/billing (not staff).
|
||||
|
||||
**Import format (confirmed from a real ALIS export, ALIS_Staff_Update_Import.xls):** two layouts.
|
||||
CREATE (new staff) has a Password column + NO ALIS ID — rows without an ALIS ID are created.
|
||||
UPDATE (existing staff) leads with **ALIS ID** (the staffId, the match key) + no Password. So
|
||||
present-ALIS-ID = update, absent = create. **Dates are MM/DD/YYYY.** Security Roles are
|
||||
comma-separated multi-values; the `alis` skill infers the full typical combo per job role from
|
||||
current staff. Still test ONE row first before a bulk run.
|
||||
|
||||
Related: [[reference_resource_map]], [[feedback-vault-every-credential]].
|
||||
Reference in New Issue
Block a user