Chatta subito con l'assistenza
Chat con il supporto

Identity Manager 8.2.1 - Epic Healthcare System Administration Guide

Managing an Epic health care system Setting up synchronization with an Epic health care system Basic Data for managing an Epic health care system Epic EMP template Epic SubTemplate Epic Connection Epic EMP User Accounts Security Matrix Configuration parameters for managing Epic health care system Default project template for Epic

Checking Passwords

When you test a password, all the password policy settings, custom scripts and the restricted passwords are taken into account.

To test whether a password conforms to the password policy

1. Select Epic healthcare | Basic configuration data | Password policies in One Identity Manager.

2. Select the password policy in the result list.

3. Select Change master data.

4. Select the Test tab.

5. Select the table and object to be tested in Base object for test.

6. Enter a password in Enter password to test.

A display next to the password shows whether it is valid or not

Testing generation of a password

When you generate a password, all the password policy settings, custom scripts and the restricted passwords are taken into account.

To generate a password that conforms to the password policy

1. Select Epic healthcare | Basic configuration data | Password policies in One Identity Manager.

2. Select the password policy in the result list.

3. Select Change master data.

4. Select the Test tab.

5. Click Generate.

This generates and displays a password.

Initial password for Epic User Account

You have the following possible options for issuing an initial password for a new Epic user account.

  • Create user accounts manually and enter a password in their master data.
  • Assign a randomly generated initial password to enter when you create user accounts.
    1. Enable the TargetSystem | EPC | Accounts | InitialRandomPassword configuration parameter in Designer.
    2. Apply target system specific password policies and define the character sets that the password must contain.
    3. Specify which employee will receive the initial password by email.
  • User the employee's central password. The employee’s central password is mapped to the user account password. For more information about an employee’s central password, see One Identity Manager Identity Management Base Module Administration Guide.
Related Topics

Email notification about login data

You can configure the login information for new user accounts to be sent by email to a specified person. In this case, two messages are sent with the user name and the initial password. Mail templates are used to generate the messages. The mail text is defined in several languages in a mail template. which means the recipient ’s language can be taken into account when the email is generated. Mail templates are supplied in the default installation with which you can configure the notification procedure.

Prerequisites

The following prerequisites must be fulfilled in order to use notifications

1. Ensure that the email notification system is configured in One Identity Manager. For more information, see the One Identity Manager Installation Guide.

2. In Designer, enable the Common | MailNotification | DefaultSender configuration parameter and enter the sender address for sending the email notifications.

3. Ensure that all employees have a default email address. Notifications are sent to this address. For more information, see the One Identity Manager Identity Management Base Module Administration Guide.

4. Ensure that a language can be determined for all employees. Only then can they receive email notifications in their own language. For more information, see the One Identity Manager Identity Management Base Module Administration Guide.

When a randomly generated password is issued for the new user account, the initial login data for a user account is sent by email to a previously specified person.

To send initial login data by email

1. In the Designer, activate the configuration parameter TargetSystem | Epic healthcare | Accounts | InitialRandomPassword.

2. In the Designer, activate the configuration parameter TargetSystem | Epic healthcare | Accounts | InitialRandomPassword | SendTo and enter the recipient of the notification as a value.

3. In the Designer, activate the configuration parameter TargetSystem | Epic healthcare | Accounts | InitialRandomPassword | SendTo | MailTemplateAccountName.

By default, the message sent uses the mail template Employee - new user account created. The message contains the name of the user account.

4. In the Designer, activate the configuration parameter TargetSystem | Epic healthcare | Accounts | InitialRandomPassword | SendTo | MailTemplatePassword.

By default, the message sent uses the mail template Employee - initial password for new user account. The message contains the initial password for the user account.

NOTE: Change the value of the configuration parameter in order to use custom mail

templates for these mails.

Target system managers

A default application role exists for the target system manager in One Identity Manager.

Assign the employees who are authorized to edit all tenants in One Identity Manager to this application role.

Define additional application roles if you want to limit the edit permissions for target system managers to individual tenants. The application roles must be added under the default application role.

For more information about implementing and editing application roles, see the One Identity Manager Authorization and Authentication Guide.

Implementing application roles for target system managers

1. The One Identity Manager administrator assigns employees to be target system managers.

2. These target system managers add employees to the default application role for target system managers.

Target system managers with the default application role are authorized to edit all tenants in One Identity Manager.

3. Target system managers can authorize other employees within their area of responsibility as target system managers and if necessary, create additional child application roles and assign these to individual connections.

Default Application Roles for Target System Managers
Table 15: Default Application Roles for Target System Managers
Users Tasks
Target system managers

Target system managers must be assigned to Target systems | Epic or a sub-application role.

Users with this application role:

Assume administrative tasks for the target system.

• Create, change or delete target system objects, like user accounts and update the EMPTemplates or SubTemplates.

• Edit password policies for the target system.

• Prepare groups for adding to the IT Shop.

• Can create employees with an identity that differs from the Primary identity.

• Configure synchronization in the Synchronization Editor and defines the mapping for comparing target systems and One Identity Manager.

• Edit the synchronization's target system types and outstanding objects.

• Authorize other employees within their area of responsibility as target system managers and create child application roles if required.

To initially specify employees to be target system administrators

1. Log in to One Identity Manager as Manager administrator (Base role | Administrators).

2. Select One Identity Manager Administration | Target systems | Administrators.

3. Select Assign employees.

4. Assign the employee you want and save the changes.

To add the first employees to the default application as target system managers

1. Log into One Identity Manager as Target System Administrator (Target systems | Administrators).

2. Select One Identity Manager Administration | Target systems | Epic healthcare.

3. Select Assign employees in the Task view.

4. Assign the employees you want and save the changes.

To authorize other employees as target system managers when you are a target system manager

1. Log into One Identity Manager as target system manager.

2. Select the application role in Epic healthcare | Basic configuration data | Target system managers.

3. Select Assign employees.

4. Assign the employees you want and save the changes.

To specify target system managers for individual clients

1. Log into One Identity Manager as target system manager.

2. Select Epic healthcare | Connections.

3. Select the client from the result list.

4. Select Change master data.

5. On the General tab, select the application role in the Target system manager menu.

- OR -

Next to the Target system manager menu, click to create a new application role.

a. Enter the application role name and assign the Target systems | Epic healthcare parent application role.

b. Click OK to add the new application role.

6. Save the changes.

7. Assign employees to this application role who are permitted to edit the client in One Identity Manager.

Related Topics

One Identity Manager users for managing an Epic health care system

Related Documents

The document was helpful.

Seleziona valutazione

I easily found the information I needed.

Seleziona valutazione