Feature Sets


Account Provisioning

Medable provides a number of standard objects, such as the Account object, which is critical to user management. When you sign up and your orgs are provisioned, an instance of the Account object is created for your initial admin user, which is what allows you to log into your org or orgs.

Configure Custom Data Models

Medable is designed to be extensible and customizable, so extending the standard objects and creating your own objects to suit your needs is quick and easy. You can extend the API by creating new custom objects and extending the standard objects with custom properties. You can do this via the API if you have the Administrator or Developer roles, or via the Admin UI. You can create relationships between objects such as one-to-many and many-to-many.

Roles and Permissions

Access control lists (ACLs) allow you to define fine-grained access to object instances and their properties directly in your data model.

Authentication Methods

  • Session-Based Authentication

  • Signature-Based Authentication

  • The Security Assertion Markup Language (SAML) module allows you to implement Single Sign-On (SSO) via SAML v2.0 protocol. Using this library, you can configure your org to act as a Service Provider.

Developer Tools

Cortex developer tools allow you to export org configurations from one org and import them to another. These tools also allow you to create a git-mergeable format for org configuration. As such, the exports are minimalistic in nature, having only the properties required to rebuild during import. The developer tools consist of Cortex routes, an npm module (which includes a command interface), and a reference implementation Atom plugin that utilizes the npm module. You can find documentation for installation and usage at the following link: https://github.com/Medable/mdctl.


Expressions allow developers to execute conditional logic when running scripts or policies. These operators are available to construct logic for use in the aggregation pipeline stages.

Audit Logs and Dashboards

Some event logs, such as tracking invalid login attempts, are explicitly required by 21 CFR 11 regulations. Events that affect or are required to document compliance of 21 CFR 11, Good Clinical Practice (GCP), and other regulatory requirements are logged and visible in human-readable format in the Admin Portal.

Service Accounts

For org and study configuration to be moved between environments, the system should be able to easily map user accounts; however, this process is difficult because of passwords and unique email addresses. Roles are currently mapped but user accounts are not. Because views and scripts can be run as a user and resources created must have a creator, packages need user accounts to act on their behalf. Service accounts enable running a view or script without using a named account. Developer tools and deployments can import and export service accounts.


  • Support for SMS, Email, and Push Notifications

  • Localized Templates can be used to send formatted content to a recipient

  • Files can be attached to a notification

Script Transforms

Though aggregation and projection is often much faster and less expensive that running a script transform, sometimes complex computation or data-interleaving is required that would be impractical to accomplish within a single script instance.‌

Transforms work by applying a script to an output cursor. Depending on the complexity and number of documents, a cursor transformation may be executed and re-queued multiple times before the cursor is finally exhausted.


Cortex supports on platform secure video communication through Twilio Video.


Objects can be queried using the available query arguments, allowing developers to easily search large amounts using the API.


Aggregation operators can be used to create expressions in the aggregation pipeline.


The Medable platform offers a JavaScript API for developers to create, read, update, and delete cortex objects; query and aggregate data; send custom notifications; perform callouts; console and debug logging; create object triggers; run scheduled jobs; create custom api routes and more.

All scripts run synchronously. There are no callbacks or timers and as such no implementation of functions such as setInterval, setTimeout or setImmediate.

PDF Generation

Renderer runs as a service, and will allow to convert HTML/CSS templates into PDF/CSV/HTML files, and put them into different kind of targets (FileObject, SFTP, or return as base64 result).


Cortex supports localization through custom localized string properties. Localization for a string property can be enabled via string property options. Once enabled, you can write to and read from that property in any specified locale.

sFTP Module

The SFTP module allows you to transfer files over an encrypted ssh transport between a Cortex script and a remote destination

Last updated