Chat now with support
Chat with Support

Identity Manager 9.2 - Epic Healthcare System Administration Guide

Managing an Epic health care system Setting up synchronization with an Epic health care system Basic Data for managing an Epic health care system Epic EMP template Epic SubTemplate Epic Connection Epic EMP User Accounts Security Matrix Configuration parameters for managing Epic health care system Default project template for Epic

Customizing Security Matrix

The security matrix CSV project has two mappings. The EPCMatrixEMPTemplate mapping synchronizes the EMP Template assignment for users and EPCMatrixSubtemplate synchronizes the Subtemplate assignment for the users.

The virtual property vrtKey defined on the OneIM side and target system side, does the object matching. The vrtKey is defined as the combination of 10 Properties (script vrtProperties on the OneIM end) along with the EpcRoot.

On the left side of the mapping (OneIM side), virtual script property for each property has been defined. For example, we have a virtual property vrtProperty01 defined for Property01 and so on. The Properties (Property01 to Property10) can be mapped to match the Identity’s OneIM Org or Identity’s simple field (For example - Job Title). Property column mapping is defined in the EPCMatrixColumnEMPTemplate and EPCMatrixColumnSubtemplate tables. The virtual script properties (vrtProperty01 to vrtProperty10) by default resolves Orgs based on the Org’s “Full Path”, if the corresponding Property has been mapped to an Org and resolves to the field value in case of simple properties.

If resolution of Orgs based on Org’s “Full Path” does not suffice the requirement, customers can resolve it differently. The read and write script of all vrtProperties can be updated according to requirements.

Configuration parameters for managing Epic health care system

The following configuration parameters are additionally available in One Identity Manager after the module has been installed.

Table 33: Additional configuration parameters available in One Identity Manager after the module has been installed
Configuration parameter Description
TargetSystem|Epic Healthcare

Preprocessor relevant configuration parameter for controlling the database model components for the administration of the target system Epic Healthcare.

If the parameter is set, the target system components are available. Changes to this parameter require the database to be recompiled.

TargetSystem|EPC|Accounts This configuration parameter permits configuration of user account data.
TargetSystem | EPC | Accounts | InitialRandomPassword

This configuration parameter specifies whether a random generated password is issued when a new user account is added.

The password must contain at least those character sets that are defined in the password policy.

TargetSystem | EPC | Accounts | InitialRandomPassword | SendTo

This configuration parameter specifies to which identity the email with the randomly generated password should be sent (manager cost center/department/location/role, identity’s manager or XUserInserted).

If no recipient can be found, the password is sent to the address stored in the TargetSystem | EPC | DefaultAddress configuration parameter.

TargetSystem | EPC | Accounts | InitialRandomPassword | SendTo |MailTemplateAccountName

This configuration parameter contains the name of the mail template sent to provide users with the login data for their user accounts.

The Identity - new user account created mail template is used.

TargetSystem | EPC | Accounts | InitialRandomPassword | SendTo | MailTemplatePassword

This configuration parameter contains the name of the mail template sent to provide users with information about their initial password.

The Identity - initial password for new user account mail template is used.

TargetSystem | EPC | Accounts | MailTemplateDefaultValues

This configuration parameter contains the mail template used to send notifications if default IT operating data mapping values are used for automatically creating a user account.

The Identity - new user account with default properties created mail template is used.

TargetSystem | EPC | DefaultAddress The configuration parameter contains the recipient's default email address for sending notifications about actions in the target system.
TargetSystem | EPC | PersonAutoDefault This configuration parameter specifies the mode for automatic identity assignment for user accounts added to the database outside synchronization.
TargetSystem | EPC | PersonAutoDisabledAccounts This configuration parameter specifies whether identities are automatically assigned to disable user accounts. User accounts do not obtain an account definition.
TargetSystem | EPC | PersonAutoFullSync This configuration parameter specifies the mode for automatic identity assignment for user accounts added to or updated in the database through synchronization.
TargetSystem | EPC | PersonExcludeList

List of all user accounts for which automatic identity assignment should not take place.

Names are listed in a pipe (|) delimited list that is handled as a regular search pattern.

Example: ADMINISTRATOR

TargetSytem |EPC|SubTemplateDefaultPriority This configuration parameter specifies the SubTemplate default priority to be assigned for direct and base tree assignments. the default value is set to 4 and can be updated.
TargetSystem|EPC| SubTemplateMatrixPriority

This parameter specifies the SubTemplate default priority for SecurityMatrix assignments.

The default value is 1 and can be updated.

TargetSystem|EPC| AutoSetAppliedEMPTemplate

If a user receives an EMPTemplate through base tree or SecurityMatrix inheritance and AutoSetAppliedEMPTemplate parameter value is 1, then the EMPTemplate is automatically set as the Applied and Default EMPTemplate for the user.

The default value is set to 0 and can be updated.

TargetSystem | EPC | Accounts | NotRequirePasswor

This configuration parameter determines whether a password is generated for the user. If this configuration parameter is set to 1 then no password is generated for the user. If this configuration parameter is not set to 1 and the Initial Random Password configuration parameter is enabled, then a password is generated for the user.

The default value of this configuration parameter is set to 1.

Default project template for Epic

A default project template ensures that all required information is added in One Identity Manager. This includes mappings, workflows, and the synchronization base object. If you do not use a default project template, you must declare the synchronization base object in One Identity Manager.

Use a default project template for setting up the synchronization project initially. For custom implementations, you can extend the synchronization project with the Synchronization Editor.

One Identity Manager accesses the Epic healthcare target system through a web service exposed by Epic.

The various One Identity Manager tables that is used for mapping

Table 34: One Identity Manager schema tables for Epic Health care
Table in the One Identity Manager schema Description Description
EPCEMPTemplate EMPTemplate details
EPCSubTemplate SubTemplate details
EPCUser An EPC User details
EPCUserHasEMPTemplate EMPTemplate assigned to an EPCUser
ECPUserHasSubTemplate SubTemplate assigned to an EPCUser
EPCUserIdentityID User IdentityID assigned to an EPCUser
EPCUserExternalID External Identifiers assigned to an EPCUser

EPCUserManager

EPCUserManager

EPCUser Demographics

Demographics data assigned to an EPCUser

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating