Identity Manager 9.2.1 - Epic Healthcare System Administration Guide

Managing an Epic health care system

The One Identity Manager Epic health care system module connects to Epic health care systems and helps manage the health care system identities and their access policies from One Identity Manager. Identity and Access Governance processes such as attesting, Identity Audit, user account management and system entitlements, IT Shop, or report subscriptions can be used for Epic health care systems. The integration provides a one-stop shop for managing Epic health care identities and their access policies, and ensures strong identity governance.

One Identity Manager provides company identities with the necessary user accounts that include Epic EMP user accounts and Epic SER provider accounts. You can use different mechanisms to connect identities to their user accounts. You can also manage user accounts independently of identities.

Architecture overview

To access Epic health care system data, the Epic health care system connector is installed on a synchronization server. The synchronization server ensures that the data is compared between the One Identity Manager database and the Epic health care system. The Epic health care system connector uses the Epic web services and CSV reports to access Epic health care system data.

At a high level, the Epic health care module provides the following two features, both of which use the Epic web services and CSV reports:

  • Provisioning
    • Provision Epic EMP user accounts created in One Identity Manager, along with their entitlements (Epic EMP template and Epic EMP subtemplate), onto the target Epic health care system.
    • Provision Epic SER provider accounts created in One Identity Manager onto the target Epic health care system.
  • Synchronization
    • Synchronize Epic EMP user accounts along with their entitlements including Epic EMP templates and Epic EMP subtemplates into One Identity Manager.

    • Synchronize Epic SER provider accounts, Epic SER blueprints, Epic SER templates and category list into One Identity Manager.

One Identity Manager users for managing an Epic health care system

The following users are used in Epic health care system administration.

Table 1: Users used in Epic health care system administration
Users Task
Target system administrators

Target system administrators must be assigned to the Target systems | Administrators application role.

Users with this application role

  • Administrate application roles for individual target systems types
  • Specify the target system manager
  • Set up other application roles for target system managers if required
  • Specify which application roles are conflicting for target system managers
  • Authorize other identities to be target system administrators
  • Do not assume any administrative tasks within the target system
Target system managers

Target system managers must be assigned to Target systems | Epic or a sub-application role.

Users with this application role

  • Assume administrative tasks for the target system
  • Create, change or delete target system objects, like user accounts (Epic EMP user accounts and Epic SER provider accounts)
  • Edit password policies for the target system
  • Prepare Epic EMP template and Epic EMP subtemplate for adding to the IT Shop
  • Configure synchronization in the Synchronization Editor and define the mapping for comparing target systems and One Identity Manager
  • Edit the synchronization's target system types and outstanding objects
  • Authorize other identities within their area of responsibility as target system managers and create child application roles if required
One Identity Manager administrators
  • Create customized permissions groups for application roles for role-based login to administration tools in Designer as required
  • Create system users and permissions groups for non-role-based login to administration tools in Designer as required
  • Enable or disable additional configuration parameters in Designer as required
  • Create custom processes in Designer as required
  • Create and configure schedules as required
  • Create and configure password policies as required
Administrators for the IT Shop

Administrators must be assigned to the Request & Fulfillment | IT Shop | Administrators application role.

Users with this application role

  • Assign to IT Shop structures
Product owner for the IT Shop

Product owners must be assigned to the Request & Fulfillment | IT Shop | Product owner application role or a child application role.

Users with this application role

  • Approve through requests
  • Edit service items and service categories under their management
Administrators for Organizations

Administrators must be assigned to the application role Identity Management | Organizations | Administrators.

Users with this application role

  • Assign to departments, cost centers and locations
Business roles administrators

Administrators must be assigned to the application role Identity Management | Business roles | Administrators.

Users with this application role

  • Assign to business roles

Setting up synchronization with an Epic health care system

Epic health care system prerequisites

The following are the Epic health care system EMP connection prerequisites:

Epic version supported: May 2019, August 2020, May 2020, February 2020, November 2020, February 2021, May 2021, August 2021, November 2021, February 2022, May 2022, November 2022, February 2023, May 2023, August 2023, November 2023.

NOTE: Prior Epic versions should also be supported, but they have not been officially tested.

Epic web services: Epic's SOAP 1.1 version of web services should be enabled and accessible. The Epic system's Personnel management and demographics (user) web services should be enabled for access.

Epic web services credentials: Valid credentials that have access to the Epic web services.

Client ID: A valid Epic Client ID that has access to Epic's personnel management and demographics (user) web services. One Identity's Production and Non-Production Epic Client IDs can be used if they are enabled for accessing the Epic web services. One Identity's Epic Client IDs can be found in the EPCEpicConfig.xml file on the One Identity Manager workstation.

Epic EMP user, Epic EMP template, Epic EMP subtemplate reports: The master lists of all Epic EMP users, Epic EMP templates and Epic EMP subtemplates need to be exported from Epic into separate CSV files and provided to the Epic connector. Please contact Epic on how to automate the report generation process.

Epic EMP items need to be unlocked: Epic EMP user attributes that need to be managed from One Identity Manager must be unlocked by Epic's Data Courier team. The list of attributes along with the EMP item numbers is provided in the section Epic EMP User Accounts. Unlock the EMP user items that you want serviced from One Identity Manager.

The following are the Epic health care system SER connection prerequisites:

Epic SER provider, Epic SER blueprint, Epic SER template, and Epic SER item reports.

  • Epic SER provider report: The master list of Epic SER providers needs to be exported from Epic into separate CSV files and provided to the Epic connector. Please contact Epic on how to automate the report generation process.

  • Epic SER blueprint report: Epic SER blueprints are like templates from which an Epic SER provider record can be built. If you want to build Epic SER provider records from an Epic SER blueprint, a CSV report needs to be generated and provided to the Epic connector. Please contact Epic on how to automate the report generation process.

  • Epic SER template and Epic SER item reports: The Epic SER template provides a custom way to build an Epic SER provider record. The report is modeled like the Epic SER blueprint. The EPC module's Miscellaneous folder contains an example Epic SER template report. The Epic SER item report contains the list of Epic SER items managed from One Identity Manager. The EPC module's Miscellaneous folder contains an example Epic SER items report. Make sure the item number and field number present in the file match your Epic installation.

  • Epic SER categories report: In the One Identity Manager Designer's SERProvider schema, SER columns can optionally be designated as being populated from a limited set of values by checking the defined list of values option. For the columns that have been designated as a limited set of values, the actual values can optionally be synchronized from external files. The categories report must be generated for this purpose and provided to the Epic connector. The EPC module's Miscellaneous folder contains categories for all supported Epic SER items. These categories can be used if they satisfy the requirement; otherwise, contact Epic to automate the report generation process.

For more information about report format, see

To load Epic EMP users, Epic EMP templates, Epic EMP subtemplates, Epic SER providers, Epic SER blueprints, Epic SER templates and Epic SER items into the One Identity Manager database for the first time

  1. Make sure the Epic health care system prerequisites are met.
  2. The One Identity Manager components for managing an Epic health care system are available if the TargetSystem | Epic configuration parameter is set.
    • Check whether the configuration parameter is set in the Designer. Otherwise, set the configuration parameter and compile the database.
    • Check the configuration parameters and modify them as necessary to suit your requirements.
  3. Install and configure a synchronization server and declare the server as Job server in One Identity Manager.

    NOTE: Ensure that the Job server has the machine role of Epic and job server function of Epic connector.

  4. Create a synchronization project with the Synchronization Editor.

For more information, see
