Tchater maintenant avec le support
Tchattez avec un ingénieur du support

Identity Manager 9.1.1 - Epic Healthcare System Administration Guide

Managing an Epic health care system Setting up synchronization with an Epic health care system Basic Data for managing an Epic health care system Epic EMP template Epic SubTemplate Epic Connection Epic EMP User Accounts Security Matrix Configuration parameters for managing Epic health care system Default project template for Epic

Linking user account to employees

The central component of One Identity Manager is to map employees and their master data with permissions through which they have control over different target systems. For this purpose, information about user accounts and permissions can be read from the target system into the One Identity Manager database and linked to employees. This gives an overview of the permissions for each employees in all of the connected target systems. One Identity Manager provides the possibility to manage user accounts and their permissions. You can provision modifications in the target systems. Employees are supplied with the necessary permissions in the connected target systems according to their function in the company. Regular synchronization keeps data consistent between target systems and the One Identity Manager database. Because requirements vary between companies, One Identity Manager offers different methods for supplying user accounts to employees.

One Identity Manager supports the following method for linking employees and their user accounts.

  • Employees can automatically obtain their user accounts using account definitions. If an employee does not yet have a user account in Epic, a new user account is created. This is done by assigning account definitions to an employee using the integrated inheritance mechanism and subsequent process handling. When you manage user accounts through account definitions, you can specify the way user accounts behave when employees are enabled or deleted.
  • When user accounts are inserted, they can be automatically assigned to an existing employee or a new employee can be created if necessary. In the process, the employee master data is created on the basis of existing user account master data. This mechanism can be implemented if a new user account is created manually or by synchronization. Define criteria for finding employees for automatic employee assignment
  • Employees and user accounts can be entered manually and assigned to each other.

For more information, see

Editing master data for user account

A user account can be linked to an employee in One Identity Manager. You can also manage user accounts separately from employees.

NOTE:

  • It is recommended to use account definitions to set up user accounts for company employees. In this case, some of the master data described in the following is mapped through templates from employee master data.
  • If employees are to obtain their user accounts through account definitions, the employees must own a central user account and obtain their IT operating data through assignment to a primary department, a primary location or a primary cost center.

To create a user account

1. In One Identity Manager, select Epic health care | User accounts.

2. Click in the result list toolbar.

3. On the master data form, edit the master data for the user account.

4. Save the changes.

To edit master data for a user account

1. In One Identity Manager, select Epic health care | User accounts.

2. Select the user account in the result list and run Change master data.

3. Edit the user account's resource data.

4. Save the changes.

For more information, see

Related Topics

Account definition for Epic User Account

General master data for Epic User Account

General master data for an Epic EMP user account

Enter the following data on General tab

Table 25: Additional Master Data for a User Account
Property Description
Employee

Employee that uses this user account. An employee is already entered if the user account was generated by an account definition. If you create the user account manually, you can select an employee in the menu. If you are using automatic employee assignment, an associated employee is found and added to the user account when you save the user account.

For a user account with an identity of type Organizational identity, Personalized administrator identity, Sponsored identity, Shared identity or Service identity, you can create a new employee.

To do this, click Next to the input field and enter the required employee master data. The login data required depends on the selected identity type.

Account Definition

Account definition through which the user account was created. Use the account definition to automatically fill user account master data and to specify a manage level for the user account. The One Identity Manager finds the IT operating data of the assigned employee and enters it in the corresponding fields in the user account.

NOTE: The account definition cannot be changed once the user account has been saved.

Manage Level Manage level of the user account. Select a manage level from the menu. You can only specify the manage level if you have also entered an account definition. All manage levels of the selected account definition are available in the menu.
Account Name Template calculated value that is set to user’s Name.
User Account is Blocked Check this check box if user account is blocked.
Block status reason

Optionally select the reason why the user is account is blocked.

NOTE: Block status reason is a defined list of values and can be customized in the Designer

Block status comment Optional comment on why the user account is blocked.
First Name The first name of the user. If you have assigned an account definition, the input field is automatically filled with the manage level.
Last Name The last name of the user. If you have assigned an account definition, the input field is automatically filled with the manage level.
Middle Name The middle name of the user. If you have assigned an account definition, the input field is automatically filled with the manage level.
Gender Select the gender of the user. If you have assigned an account definition, the input field is automatically filled with the manage level.
UserExternalID Read only field. The user’s external id is created in Epic and synchronized back in to OneIM database.
Community ID Read only field. The user’s community id is created in Epic and synchronized back in to OneIM database.
Internal ID Read only field. The user’s internal id is created in Epic and synchronized back in to OneIM database.
System Login ID The user’s system login id.
Display Name Template calculated value that is set to user’s Name.
Name Template calculated value that is set to user’s Name. Once synchronization runs for the user, the user’s External ID is appended to the name.
User Alias The user’s alias.
User Notes Any notes about the user.
Start Date The date on which the user becomes active. On object creation, if you have assigned an account definition, the input field is automatically filled with the manage level.
End Date The date at which the user becomes inactive. If you have assigned an account definition, the input field is automatically filled with the manage level.
Contact Comment

Contact comment for the user. This is a Template calculated value.

NOTE:

  • The template can be customized in the Designer according to customer requirements.

  • The contact comment for Epic EPC User would be set only on user input and no default value would be applied.

Primary Manager

The user’s primary manager.

NOTE: Primary manager can be chosen only from the list of managers assigned to the user

Category Categories for the inheritance
EMPTemplate can be inherited Specifies whether the user can inherit EMPTemplate through Base tree inheritance via Organizations, Business Roles and ITShop.
SubTemplate can be inherited Specifies whether the user can inherit SubTemplate through Base tree inheritance via Organizations, Business Roles and ITShop.
IsTemplateUpdateDisabled

Specifies whether the EMPTemplate and SubTemplate can be inherited through SecurityMatrix approach. Select this option if EMPTemplate and SubTemplate inheritance should NOT happen for the user.

NOTE: Only applicable for SecurityMatrix inheritance.

DoNotSync Specifies whether the user information should NOT be synchronized from the target Epic system in to One Identity Manager. Select this option if user information should NOT be synchronized.
Privileged User Account

Specifies whether this account is a Privileged User Account.

NOTE: This option is only for governance. Setting this option does not have any impact of the target Epic system.

User account is disabled

This is a Template calculated value. Specifies whether the user account is disabled.

NOTE: The template can be customized in the Designer according to customer requirements

EMP SER Link

This field specifies the link between the Epic EMP User record and SER record.

NOTE: The prerequisite for provisioning this field is to have the LinkedProviderIDType to be configured in the respective targets synchronization project.

Related topics

Demographic data for Epic User Account

Enter the following Demographic data on the Demographics tab. The demographic information listed here can be provisioned on to the target Epic system. This information is not synchronized from the target Epic system on to One Identity Manager.

Table 26: Demographics data
Property Description
Phone The user’s phone number. If you have assigned an account definition, the input field is automatically filled with the manage level.
Phone extension The user’s phone extension. If you have assigned an account definition, the input field is automatically filled with the manage level.
Contact Email The user’s contact Email. If you have assigned an account definition, the input field is automatically filled with the manage level.
House Number The user’s house number. If you have assigned an account definition, the input field is automatically filled with the manage level.
Street The user’s street. If you have assigned an account definition, the input field is automatically filled with the manage level.
City The user’s city. If you have assigned an account definition, the input field is automatically filled with the manage level.
County The user’s county. If you have assigned an account definition, the input field is automatically filled with the manage level.
District The user’s district. If you have assigned an account definition, the input field is automatically filled with the manage level.
State The user’s state. If you have assigned an account definition, the input field is automatically filled with the manage level.
Country The user’s country. If you have assigned an account definition, the input field is automatically filled with the manage level.
Zip code The user’s zip code. If you have assigned an account definition, the input field is automatically filled with the manage level.
Documents connexes

The document was helpful.

Sélectionner une évaluation

I easily found the information I needed.

Sélectionner une évaluation