Identity Manager 9.2.1 - Epic Healthcare System Administration Guide

Viewing the Epic EMP Subtemplate Security Matrix

Once imported, the Security Matrix for the Epic EMP subtemplate can be viewed in One Identity Manager.

To view the imported matrix

  1. In One Identity Manager, navigate to the Epic connection that was created.
  2. In the Task menu, click View Epic Security Matrix for Epic EMP subtemplate.

    A grid is displayed with the Epic EMP subtemplate and the corresponding Property values for Identity.

Assignment of the Epic EMP subtemplate to Epic EMP user accounts

The Epic EMP user account can inherit Epic EMP Subtemplates from the security matrix based on the properties mapped between the Identity and the matrix, provided that the Is Template Update Disabled flag for the user account is set to false.

The assignments inherited by the user from the Security Matrix have XOrigin set to Matrix.

The User account Epic EMP Subtemplate assignments are updated in the following cases:

  1. An initial import of the data into the EPCMatrixSubTemplate table.
  2. Subsequent updates to the Security Matrix for Epic EMP Subtemplate.
  3. Changes to the property values of the Identity linked to the Epic EMP user account.
  4. Change of the Identity linked to the Epic EMP user account.

Customizing Security Matrix

The security matrix CSV project has two mappings. The EPCMatrixEMPTemplate mapping synchronizes the Epic EMP template assignment for Epic EMP users and EPCMatrixSubtemplate synchronizes the Epic EMP subtemplate assignment for the Epic EMP user.

The virtual property vrtKey, defined on both the OneIM side and the target system side, performs the object matching. The vrtKey is defined as the combination of 10 properties (script vrtProperties on the OneIM end) along with the EpcRoot.

On the left side of the mapping (OneIM side), a virtual script property has been defined for each property. For example, the virtual property vrtProperty01 is defined for Property01, and so on. The properties (Property01 to Property10) can be mapped to match the Identity’s OneIM Org or a simple field of the Identity (for example, Job Title). The property column mapping is defined in the EPCMatrixColumnEMPTemplate and EPCMatrixColumnSubtemplate tables. By default, the virtual script properties (vrtProperty01 to vrtProperty10) resolve Orgs based on the Org’s “Full Path” if the corresponding property has been mapped to an Org, and resolve to the field value for simple properties.

If resolving Orgs by the Org’s “Full Path” does not meet the requirement, customers can resolve them differently. The read and write scripts of all vrtProperties can be updated according to requirements.

Configuration parameters for managing Epic health care system

The following configuration parameters are additionally available in One Identity Manager after the module has been installed.

Table 45: Additional configuration parameters available in One Identity Manager after the module has been installed
Configuration parameter Description
TargetSystem|Epic Healthcare

Preprocessor relevant configuration parameter for controlling the database model components for the administration of the target system Epic Healthcare.

If the parameter is set, the target system components are available. Changes to this parameter require the database to be recompiled.

TargetSystem | EPC | Accounts

This configuration parameter permits configuration of Epic EMP user account data.

TargetSystem | EPC | Accounts | InitialRandomPassword

This configuration parameter specifies whether a randomly generated password is issued when a new Epic EMP user account is added.

The password must contain at least those character sets that are defined in the password policy.

TargetSystem | EPC | Accounts | InitialRandomPassword | SendTo

This configuration parameter specifies to which identity the email with the randomly generated password should be sent (manager cost center/department/location/role, identity’s manager or XUserInserted).

If no recipient can be found, the password is sent to the address stored in the TargetSystem | EPC | DefaultAddress configuration parameter.

TargetSystem | EPC | Accounts | InitialRandomPassword | SendTo | MailTemplateAccountName

This configuration parameter contains the name of the mail template sent to provide Epic EMP users with the login data for their Epic EMP user accounts.

The Identity - new Epic EMP user account created mail template is used.

TargetSystem | EPC | Accounts | InitialRandomPassword | SendTo | MailTemplatePassword

This configuration parameter contains the name of the mail template sent to provide Epic EMP users with information about their initial password.

The Identity - initial password for new Epic EMP user account mail template is used.

TargetSystem | EPC | Accounts | MailTemplateDefaultValues

This configuration parameter contains the mail template used to send notifications if default IT operating data mapping values are used for automatically creating an Epic EMP user account.

The Identity - new Epic EMP user account with default properties created mail template is used.

TargetSystem | EPC | DefaultAddress

The configuration parameter contains the recipient's default email address for sending notifications about actions in the target system.

TargetSystem | EPC | PersonAutoDefault

This configuration parameter specifies the mode for automatic identity assignment for Epic EMP user accounts added to the database outside synchronization.

TargetSystem | EPC | PersonAutoDisabledAccounts

This configuration parameter specifies whether identities are automatically assigned to disabled Epic EMP user accounts. Epic EMP user accounts do not obtain an account definition.

TargetSystem | EPC | PersonAutoFullSync

This configuration parameter specifies the mode for automatic identity assignment for Epic EMP user accounts added to or updated in the database through synchronization.

TargetSystem | EPC | PersonExcludeList

List of all Epic EMP user accounts for which automatic identity assignment should not take place.

Names are listed in a pipe (|) delimited list that is handled as a regular search pattern.

Example: ADMINISTRATOR

TargetSystem | EPC | SER

Preprocessor relevant configuration parameter for controlling the database model components for the administration of the Epic SER provider accounts for target system Epic Healthcare.

If the parameter is set, the target system components with respect to Epic SER provider accounts are available. Changes to this parameter require the database to be recompiled.

TargetSystem | EPC | SER | Accounts

This configuration parameter permits configuration of Epic SER provider account data.

TargetSystem | EPC | SER | Accounts | InitialRandomPassword

This configuration parameter specifies whether a randomly generated password is issued when a new Epic SER provider account is added.

The password must contain at least those character sets that are defined in the password policy.

TargetSystem | EPC | SER | Accounts | InitialRandomPassword | SendTo

This configuration parameter specifies to which identity the email with the randomly generated password should be sent (manager cost center/department/location/role, identity’s manager or XUserInserted).

If no recipient can be found, the password is sent to the address stored in the TargetSystem | EPC | SER | DefaultAddress configuration parameter.

TargetSystem | EPC | SER | Accounts | InitialRandomPassword | SendTo | MailTemplateAccountName

This configuration parameter contains the name of the mail template sent to provide users with the login data for their Epic SER provider accounts.

The Identity - new Epic SER provider account created mail template is used.

TargetSystem | EPC | SER | Accounts | InitialRandomPassword | SendTo | MailTemplatePassword

This configuration parameter contains the name of the mail template sent to provide users with information about their initial password.

The Identity - initial password for new Epic SER provider account mail template is used.

TargetSystem | EPC | SER | Accounts | MailTemplateDefaultValues

This configuration parameter contains the mail template used to send notifications if default IT operating data mapping values are used for automatically creating an Epic SER provider account.

The Identity - new Epic SER provider account with default properties created mail template is used.

TargetSystem | EPC | SER | DefaultAddress

The configuration parameter contains the recipient's default email address for sending notifications about actions in the target system.

TargetSystem | EPC | SER | PersonAutoDefault

This configuration parameter specifies the mode for automatic identity assignment for Epic SER provider accounts added to the database outside synchronization.

TargetSystem | EPC | SER | PersonAutoDisabledAccounts

This configuration parameter specifies whether identities are automatically assigned to disabled Epic SER provider accounts. Epic SER provider accounts do not obtain an account definition.

TargetSystem | EPC | SER | PersonAutoFullSync

This configuration parameter specifies the mode for automatic identity assignment for Epic SER provider accounts added to or updated in the database through synchronization.

TargetSystem | EPC | SER | PersonExcludeList

List of all Epic SER provider accounts for which automatic identity assignment should not take place.

Names are listed in a pipe (|) delimited list that is handled as a regular search pattern.

Example: ADMINISTRATOR

TargetSystem | EPC | SubTemplateDefaultPriority

This configuration parameter specifies the SubTemplate default priority to be assigned for direct and base tree assignments. The default value is set to 4 and can be updated.

TargetSystem | EPC | SubTemplateMatrixPriority

This parameter specifies the Epic Sub template default priority for SecurityMatrix assignments.

The default value is 1 and can be updated.

TargetSystem | EPC | AutoSetAppliedEMPTemplate

If a user receives an Epic EMP template through base tree or SecurityMatrix inheritance and AutoSetAppliedEMPTemplate parameter value is 1, then the Epic EMP template is automatically set as the Applied and Default Epic EMP template for the user.

The default value is set to 0 and can be updated.

TargetSystem | EPC | Accounts | NotRequirePassword

This configuration parameter determines whether a password is generated for the user. If this configuration parameter is set to 1 then no password is generated for the user. If this configuration parameter is not set to 1 and the Initial Random Password configuration parameter is enabled, then a password is generated for the user.

The default value of this configuration parameter is set to 1.
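
Because the two PersonExcludeList parameters (EMP and SER) are evaluated as a search pattern rather than as literal names, the following added example (not One Identity code) checks a candidate value against account names before it is saved. How the product anchors the pattern and treats case is not stated in this guide, so both an anchored and an unanchored reading are reported; the list value and account names are constructed.

```python
import re

# Regex metacharacters that change meaning when a name is read as a pattern.
META = set(".^$*+?()[]{}\\")

def audit_exclude_list(value, accounts):
    """Show how a pipe-delimited exclude list behaves when read as a regex.

    Assumption: the product's anchoring and case rules are not documented on
    this page, so both an anchored and an unanchored reading are reported.
    """
    pattern = re.compile(value)  # raises re.error if the value is not a valid pattern
    entries = value.split("|")
    anchored = [a for a in accounts if pattern.fullmatch(a)]
    unanchored = [a for a in accounts if pattern.search(a)]
    return {
        # An empty entry (leading, trailing or doubled pipe) matches the empty
        # string, so an unanchored search then excludes every account.
        "empty_entries": entries.count(""),
        # Entries such as "SVC.EPIC" match more than the literal name.
        "metachar_entries": [e for e in entries if META & set(e)],
        "excluded_anchored": anchored,
        "excluded_unanchored": unanchored,
        # Accounts whose treatment depends on the anchoring rule.
        "anchoring_dependent": [a for a in unanchored if a not in anchored],
        # Accounts excluded even under the strict reading without being listed.
        "not_listed_literally": [a for a in anchored if a not in entries],
    }

# Constructed sample data, not taken from a real installation.
SAMPLE_LIST = "ADMINISTRATOR|SVC.EPIC"
SAMPLE_ACCOUNTS = ["ADMINISTRATOR", "ADMINISTRATOR2", "SVC.EPIC", "SVCXEPIC", "JSMITH"]

if __name__ == "__main__":
    for key, val in audit_exclude_list(SAMPLE_LIST, SAMPLE_ACCOUNTS).items():
        print(f"{key}: {val}")
    # A trailing pipe leaves an empty alternative in the pattern.
    print(audit_exclude_list("ADMINISTRATOR|", ["JSMITH"]))
```

Any account reported under anchoring_dependent or not_listed_literally should be confirmed in a test environment, since it may be skipped by automatic identity assignment without having been listed by name.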
