Identity Manager 9.1.1 - Epic Healthcare System Administration Guide

Assign Epic SubTemplate Matrix Property Mapping

A mapping must be established between the Person identity attributes and the SubTemplate security matrix attributes so that a SubTemplate can be grouped with one or more attributes of the identity. For configuration details, refer to the section Configuring SecurityMatrix for SubTemplate.

View Epic Security Matrix for SubTemplate

Once imported, the Security Matrix for SubTemplate can be viewed using One Identity Manager. For details, refer to the section Viewing the SubTemplate Security Matrix.

Configure settings for SubTemplate Index

A SubTemplate assigned to an Epic EMP user must have a priority (also called an index). The default SubTemplate priority for different OneIM organizations and business roles can be configured. When a user receives a SubTemplate through base tree based inheritance, the SubTemplate priority configured for the organization is applied automatically.

To configure the SubTemplateIndex settings, follow these steps:

  1. In One Identity Manager, select the appropriate Epic connection that has been created.
  2. In the Tasks section, select the link Configure settings for SubTemplateIndex.
  3. Update the SubTemplate Index for the organization or business role.
  4. Save the settings.

Epic EMP User Accounts

Epic EMP user accounts can be managed from One Identity.

User Report

The master list of Epic EMP user accounts that should be managed from One Identity Manager should be exported from Epic and provided in a CSV file named Users.csv. This file is called the user report, and the generated report should be copied to the configured CSV import directory (the CSV import directory was configured when you created the synchronization project).

NOTE:

  • Contact Epic about how to automate the user report generation and the delivery of the generated report to the CSV import directory.

If the CSV import directory is a local folder on the job server and the One Identity Manager workstation, make sure to copy the user report to the local folder on both the job server and the One Identity Manager workstation.

If the CSV import directory is a network share, make sure it is accessible from both the job server and One Identity Manager workstation.

The Users.csv report has a specific format. It should contain the following fields and the order should be maintained.

  • User Number (Local ID or External ID): The Epic EMP user’s External ID.
  • System Login: The Epic EMP user’s System Login ID.
  • UserName: The Epic EMP user’s name.
  • User Record Status: The Epic EMP user’s status (Active / InActive).

IMPORTANT:

  • The first line in the Users.csv report should be the header row with the fields specified above.
  • Field ordering in the Users.csv report should be maintained.
  • The user number provided should be the Epic EMP user’s External ID.
  • If any field contains a comma, it should be escaped properly with double quotes.
  • The user report should contain only the EMP user accounts that need to be managed from One Identity Manager. EMP user accounts such as service user accounts, In-Active accounts, or any other user accounts that do not need to be managed from One Identity Manager should not appear in the user report. These users can be filtered out when the report is generated in Epic.
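
The format rules above can be checked before the report is copied to the CSV import directory. The following is an added example, not part of the One Identity product or its shipped scripts: the function name Test-EpicUserReport is hypothetical, the header text is assumed to equal the field names listed above, and the duplicate User Number check is an extra sanity check that the guide does not state.

```powershell
function Test-EpicUserReport {
    param(
        [Parameter(Mandatory)] [string] $Path,
        # Assumption: header text equals the field names listed above.
        [string[]] $ExpectedHeader = @('User Number', 'System Login', 'UserName', 'User Record Status')
    )
    # Generic column names make Import-Csv return the header row as data, so it can be checked too.
    $rows = @(Import-Csv -LiteralPath $Path -Header 'c1', 'c2', 'c3', 'c4', 'extra')
    if ($rows.Count -eq 0) { 'report is empty'; return }

    $h = $rows[0]
    $headerText = ($h.c1, $h.c2, $h.c3, $h.c4) -join ','
    if ($h.extra -or ($headerText -ne ($ExpectedHeader -join ','))) {
        "record 1: header row must be exactly: $($ExpectedHeader -join ',')"
    }
    $seen = @{}
    for ($i = 1; $i -lt $rows.Count; $i++) {
        $r = $rows[$i]; $n = $i + 1
        if ($r.extra) {
            "record ${n}: more than four fields (a comma inside a value must be double-quoted)"; continue
        }
        if (-not ($r.c1 -and $r.c2 -and $r.c3 -and $r.c4)) { "record ${n}: empty or missing field"; continue }
        if ($r.c4 -notin 'Active', 'InActive') { "record ${n}: unknown User Record Status '$($r.c4)'" }
        elseif ($r.c4 -eq 'InActive') { "record ${n}: inactive account, filter it out of the report" }
        # Added sanity check (not stated in the guide): each External ID should appear once.
        if ($seen.ContainsKey($r.c1)) { "record ${n}: User Number '$($r.c1)' repeats record $($seen[$r.c1])" }
        else { $seen[$r.c1] = $n }
    }
}

# Constructed sample report (not real data): an unquoted comma, an inactive account, a repeated ID.
$sample = Join-Path ([System.IO.Path]::GetTempPath()) 'Users.csv'
@'
User Number,System Login,UserName,User Record Status
1001,JDOE,"Doe, Jane",Active
1002,RROE,Roe, Richard,Active
1003,SVCBATCH,Batch Service,InActive
1001,JDOE2,"Doe, John",Active
'@ | Set-Content -LiteralPath $sample

$problems = @(Test-EpicUserReport -Path $sample)
$problems
if ($problems.Count -gt 0) { Write-Warning 'Fix the report before copying it to the CSV import directory.' }
```

Record numbers count CSV records with the header as record 1, so they match file line numbers only when no value spans several lines.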

User Report customization

The Epic connector uses the user report to get the master list of Epic EMP user accounts. Sometimes the generated user report needs additional customization. For example, you might want to remove certain Epic EMP user accounts, such as contractors, from the user report, which might not have been possible when the report was generated in Epic. To address these use cases, the Epic connector provides the ability to perform additional customization on the user report generated from Epic. The Epic report customization is done in a PowerShell script named EPCUserReportFilterScript.ps1.

The Epic connector now uses the Epic EMP user data returned by the EPCUserReportFilterScript.ps1 PowerShell script as the master list of Epic EMP users and does not use the user data from the Users.csv file.

To perform additional user report customization

  1. In the synchronization project, choose advanced settings.
  2. Select the option Use Custom PowerShell Script for User Import. Save the synchronization project changes.
  3. Copy the EPCUserReportFilterScript.ps1 PowerShell script from the installer’s EPC Module dvd/Addon folder to the CSV import directory configured in the synchronization project.

    NOTE: If the CSV import directory is configured as a local folder, the PowerShell script must be copied to the local folder on the job server and on the OneIM workstation.

  4. The Epic connector calls the PowerShell script’s Get-OneIMEpicUsers function to get the list of Epic EMP users. Customize the function according to the requirements.

    IMPORTANT: The data must be returned in the format as documented in the function.

Testing the changes

Once the PowerShell script has been customized it must be tested.

  1. Update the Test-Get-OneIMEpicUsers function in the PowerShell script and run the script. This is a test function that validates the data returned by the Get-OneIMEpicUsers function. Make sure the data returned is correct.

    NOTE: The PowerShell script can be run from the OneIM workstation.

  2. Open the synchronization project and navigate to the start up configuration. Run a simulation. Make sure the data returned is correct. This test makes sure that the Epic connector can invoke the PowerShell script and load the data returned by the PowerShell script.

Epic EMP user account attribute un-locking

Epic EMP user account attributes need to be un-locked in Epic in order to manage them from One Identity. The following table provides the list of Epic EMP attributes along with the EMP item number. Contact the Epic data courier team and un-lock attributes that you want to manage from One Identity.

Table 24: Epic EMP attributes

| EMP item number | EMP attribute name | Comments |
|---|---|---|
| .1 | User Number | |
| .2 | UserName | |
| 23 | Contact Comment | |
| 35 | User Name | |
| 36 | User Name Over Time | |
| 45 | System Login | |
| 50 | Status | |
| 55 | User Login Blocked | |
| 180 | User Alias | |
| 720 | Effective From Date | |
| 730 | Effective To Date | |
| 14100 | Notes | |
| 14700 | Sex | |
| 20414 | Primary Manager | |
| 198 | Applied Linkable Template | |
| .198 | Applied Linkable Template Record Name | |
| 1101 | Default Linkable Template | |
| .1101 | Default Linkable Template Record Name | |
| 40 | Password | Applicable only if Native authentication has been enabled in Epic |
| 20415 | Additional Managers | |
| 1110 | Linkable Templates | |
| 1111 | Linkable Templates Effective from Date | |
| 1112 | Linkable Templates Effective to Date | |
| 1115 | Linkable Templates Login Types | |
| 9205 | Linked Subtemplates | |
| 20701 | User MPI ID | |
| 20700 | User MPI ID Type | |
| 2401 | Type of External ID | |
| 2402 | External User ID | |
| 2405 | External ID Active | |
| 14150 | Employee Demographic 1 | |
| 14151 | Employee Demographic 2 | |
| 14152 | Employee Demographic 3 | |
| 100 | Address | |
| 110 | City/Locality | |
| 112 | County | |
| 135 | Country | |
| 120 | State/Province | |
| 130 | Zip Code | |
| 140 | Phone Number | |
| 150 | Email Address | |
| 114 | District | |
| 102 | House Number | |
| 17500 | LinkedProviderID | |
