Identity Manager 9.1 - Epic Healthcare System Administration Guide

A mapping must be established between the Person Identity attributes and the SubTemplate security matrix attributes, in order to group the SubTemplate with one or more attributes of the Identity. Refer to the section Configuring SecurityMatrix for SubTemplate for configuration details.

View Epic Security Matrix for SubTemplate

The Security Matrix for SubTemplate once imported could be viewed using One Identity Manager. Refer to the section Viewing the SubTemplate Security Matrix for details.

Configure settings for SubTemplate Index

SubTemplate assigned to an Epic EMP user must have a priority (also called index). The default SubTemplate priority for different OneIM organizations and business roles can be configured. When an user receives a SubTemplate through base tree based inheritance, the configured SubTemplate priority for the organization is automatically applied.

To configure the SubTemplateIndex settings follow the below mentioned steps:

In One Identity Manager, select the appropriate Epic connection that has been created.
In the Tasks section, select the link Configure settings for SubTemplateIndex.
Update the SubTemplate Index for the organization or business role
Save the settings.

Epic EMP User Accounts

Epic EMP user accounts can be managed from One Identity.

User Report

The master list of Epic EMP user accounts that should be managed from One Identity Manager should be exported from Epic and provided in a CSV file. The name of the CSV file should be Users.csv. This is called the user report and the generated report should be copied to the configured CSV import directory (The CSV import directory was configured when you created the synchronization project).

NOTE:

Contact Epic regarding on how to automate the user report generation and dropping the report generated to the CSV import directory.

If the CSV import directory is a local folder on the job server and One Identity Manager workstation, make sure to copy the user report to both the job server’s and One Identity Manager workstation’s local folder

If the CSV import directory is a network share, make sure it is accessible from both the job server and One Identity Manager workstation.

The Users.csv report has a specific format. It should contain the following fields and the order should be maintained.

User Number (Local ID or External ID): The Epic Emp user’s External ID.
System Login: The Epic Emp user’s System Login ID.
UserName: The Epic Emp user’s name.
User Record Status: The Epic Emp user’s status (Active / InActive).

IMPORTANT:

The first line in the Users.csv report should be the header row with the fields specified above.
Field ordering in the Users.csv report should be maintained.
The user number provided should be the Epic EMP user’s External ID.
If any of the field has a comma it should be escaped properly with double quotes.
The user report should contain only the list of EMP user accounts that need to be managed from One Identity Manager. EMP user accounts such as service user accounts or In-Active accounts or any other user accounts that does not need to be managed from One Identity Manager should not be there in the user’s report and these users can be filtered out when the report is generated in Epic.

User Report customization

Epic connector uses the user report to get the master list of Epic EMP user accounts. Sometimes additional customization might need to be done to the user report generated. For example, we might want to remove certain Epic EMP user accounts such as contractors from the user report, which could have not been possible when the report is generated in Epic. To address these use cases, Epic connector provides the ability to perform additional customization to the user report generated from Epic. The Epic report customization is done in a PowerShell script named EPCUserReportFilterScript.ps1.

The Epic connector now uses the Epic EMP user data returned by the EPCUserReportFilterScript.ps1 PowerShell script as the master list of Epic EMP users and does not use the user data from the Users.csv file.

To perform additional user report customization

In the synchronization project choose advance settings
Select the option Use Custom PowerShell Script for User Import. Save the synchronization project changes.
Copy the EPCUserReportFilterScript.ps1 PowerShell script from installer’s EPC Module dvd/Addon folder to the configured CSV import directory in synchronization project .

NOTE: If the CSV import directory is configured as a local folder then the PowerShell script must be copied to the local folder in job server and OneIM workstation.
The Epic connector calls the PowerShell script’s Get-OneIMEpicUsers function to get the list of Epic EMP users. Customize the function according to the requirements.

IMPORTANT: The data must be returned in the format as documented in the function.

Testing the changes

Once the PowerShell script has been customized it must be tested.

Update the Test-Get-OneIMEpicUsers function in the PowerShell script and run the script. This is a test function that validates the data returned by the Get-OneIMEpicUsers function. Make sure the data is returned is correct

NOTE: The PowerShell script can be run from the OneIM workstation.
Open the synchronization project and navigate to the start up configuration. Run a simulation. Make sure the data returned is correct. This test makes sure that the Epic connector can invoke the PowerShell script and load the data returned by the PowerShell script.
NOTE:
- If the PowerShell script execution policy on job server or One Identity Manger workstation dictates that it needs to be signed, then the PowerShell script has to be signed after modification or change the script execution policy on the server to be less restrictive for the script to run.
- For more information on PowerShell script execution policy refer to https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_execution_policies?view=powershell-5.1.

Epic EMP user account attribute un-locking

Epic EMP user account attributes need to be un-locked in Epic in order to manage them from One Identity. The following table provides the list of Epic EMP attributes along with the EMP item number. Contact the Epic data courier team and un-lock attributes that you want to manage from One Identity.

Table 24: Epic EMP attributes
EMP item number	EMP attribute name	Comments
.1	User Number
.2	UserName
23	Contact Comment
35	User Name
36	User Name Over Time
45	System Login
50	Status
55	User Login Blocked
180	User Alias
720	Effective From Date
730	Effective To Date
14100	Notes
14700	Sex
20414	Primary Manager
198	Applied Linkable Template
.198	Applied Linkable Template Record Name
1101	Default Linkable Template
.1101	Default Linkable Template Record Name
40	Password	Applicable only if Native authentication has been enabled in Epic
20415	Additional Managers
1110	Linkable Templates
1111	Linkable Templates Effective from Date
1112	Linkable Templates Effective to Date
1115	Linkable Templates Login Types
9205	Linked Subtemplates
20701	User MPI ID
20700	User MPI ID Type
2401	Type of External ID
2402	External User ID
2405	External ID Active
14150	Employee Demographic 1
14151	Employee Demographic 2
14152	Employee Demographic 3
100	Address
110	City/Locality
112	County
135	Country
120	State/Province
130	Zip Code
140	Phone Number
150	Email Address
114	District
102	House Number
17500	LinkedProviderID

Documentos relacionados

The document was helpful.

Selecione a classificação

I easily found the information I needed.

Selecione a classificação

Selecione seu produto:

Para podermos atendê-lo melhor, informe o Propósito de seu chat:

Soluções recomendadas para seu problema