The Security Matrix for Epic EMP subtemplate once imported could be viewed using One Identity Manager.
To view the imported matrix
A grid would be displayed with the Epic EMP subtemplate and the corresponding Property values for Identity.
The Epic EMP user account can inherit Epic EMP Subtemplates from security matrix based on the properties mapped between the Identity and the matrix, provided that the Is Template Update Disabled flag for the user account is set to false.
The assignments inherited by the user from the Security Matrix has an XOrigin set to Matrix.
The User account Epic EMP Subtemplate assignments are updated in the following cases:
The security matrix CSV project has two mappings. The EPCMatrixEMPTemplate mapping synchronizes the Epic EMP template assignment for Epic EMP users and EPCMatrixSubtemplate synchronizes the Epic EMP subtemplate assignment for the Epic EMP user.
The virtual property vrtKey defined on the OneIM side and target system side, does the object matching. The vrtKey is defined as the combination of 10 Properties (script vrtProperties on the OneIM end) along with the EpcRoot.
On the left side of the mapping (OneIM side), virtual script property for each property has been defined. For example, we have a virtual property vrtProperty01 defined for Property01 and so on. The Properties (Property01 to Property10) can be mapped to match the Identity’s OneIM Org or Identity’s simple field (For example - Job Title). Property column mapping is defined in the EPCMatrixColumnEMPTemplate and EPCMatrixColumnSubtemplate tables. The virtual script properties (vrtProperty01 to vrtProperty10) by default resolves Orgs based on the Org’s “Full Path”, if the corresponding Property has been mapped to an Org and resolves to the field value in case of simple properties.
If resolution of Orgs based on Org’s “Full Path” does not suffice the requirement, customers can resolve it differently. The read and write script of all vrtProperties can be updated according to requirements.
The following configuration parameters are additionally available in One Identity Manager after the module has been installed.
| Configuration parameter | Description |
| TargetSystem|Epic Healthcare |
Preprocessor relevant configuration parameter for controlling the database model components for the administration of the target system Epic Healthcare. If the parameter is set, the target system components are available. Changes to this parameter require the database to be recompiled. |
| TargetSystem|EPC|Accounts | This configuration parameter permits configuration of Epic EMP user account data. |
| TargetSystem | EPC | Accounts | InitialRandomPassword |
This configuration parameter specifies whether a random generated password is issued when a new Epic EMP user account is added. The password must contain at least those character sets that are defined in the password policy. |
| TargetSystem | EPC | Accounts | InitialRandomPassword | SendTo |
This configuration parameter specifies to which identity the email with the randomly generated password should be sent (manager cost center/department/location/role, identity’s manager or XUserInserted). If no recipient can be found, the password is sent to the address stored in the TargetSystem | EPC | DefaultAddress configuration parameter. |
| TargetSystem | EPC | Accounts | InitialRandomPassword | SendTo |MailTemplateAccountName |
This configuration parameter contains the name of the mail template sent to provide Epic EMP users with the login data for their Epic EMP user accounts. The Identity - new Epic EMP user account created mail template is used. |
| TargetSystem | EPC | Accounts | InitialRandomPassword | SendTo | MailTemplatePassword |
This configuration parameter contains the name of the mail template sent to provide Epic EMP users with information about their initial password. The Identity - initial password for new Epic EMP user account mail template is used. |
| TargetSystem | EPC | Accounts | MailTemplateDefaultValues |
This configuration parameter contains the mail template used to send notifications if default IT operating data mapping values are used for automatically creating an Epic EMP user account. The Identity - new Epic EMP user account with default properties created mail template is used. |
| TargetSystem | EPC | DefaultAddress | The configuration parameter contains the recipient's default email address for sending notifications about actions in the target system. |
| TargetSystem | EPC | PersonAutoDefault | This configuration parameter specifies the mode for automatic identity assignment for Epic EMP user accounts added to the database outside synchronization. |
| TargetSystem | EPC | PersonAutoDisabledAccounts | This configuration parameter specifies whether identities are automatically assigned to disable Epic EMP user accounts. Epic EMP user accounts do not obtain an account definition. |
| TargetSystem | EPC | PersonAutoFullSync | This configuration parameter specifies the mode for automatic identity assignment for Epic EMP user accounts added to or updated in the database through synchronization. |
| TargetSystem | EPC | PersonExcludeList |
List of all Epic EMP user accounts for which automatic identity assignment should not take place. Names are listed in a pipe (|) delimited list that is handled as a regular search pattern. Example: ADMINISTRATOR |
|
TargetSystem | EPC | SER |
Preprocessor relevant configuration parameter for controlling the database model components for the administration of the Epic SER provider accounts for target system Epic Healthcare. If the parameter is set, the target system components with respect to Epic SER provider accounts are available. Changes to this parameter require the database to be recompiled. |
|
TargetSystem | EPC | SER | Accounts |
This configuration parameter permits configuration of Epic SER provider account data. |
|
TargetSystem | EPC | SER | Accounts | InitialRandomPassword |
This configuration parameter specifies whether a random generated password is issued when a new Epic SER provider account is added. The password must contain at least those character sets that are defined in the password policy. |
|
TargetSystem | EPC | SER | Accounts | InitialRandomPassword | SendTo |
This configuration parameter specifies to which identity the email with the randomly generated password should be sent (manager costcenter/department/location/role, identity’s manager or XUserInserted). If no recipient can be found, the password is sent to the address stored in the TargetSystem | EPC | SER | DefaultAddress configuration parameter. |
|
TargetSystem | EPC | SER | Accounts | InitialRandomPassword | SendTo |MailTemplateAccountName |
This configuration parameter contains the name of the mail template sent to provide users with the login data for their Epic SER provider accounts. The Identity - new Epic SER provider account created mail template is used. |
|
TargetSystem | EPC | SER | Accounts | InitialRandomPassword | SendTo | MailTemplatePassword |
This configuration parameter contains the name of the mail template sent to provide users with information about their initial password. The Identity - initial password for new Epic SER provider account mail template is used. |
|
TargetSystem | EPC | SER | Accounts | MailTemplateDefaultValues |
This configuration parameter contains the mail template used to send notifications if default IT operating data mapping values are used for automatically creating an Epic SER provider account. The Identity - new Epic SER provider account with default properties created mail template is used. |
|
TargetSystem | EPC | SER | DefaultAddress |
The configuration parameter contains the recipient's default email address for sending notifications about actions in the target system. |
|
TargetSystem | EPC | SER | PersonAutoDefault |
This configuration parameter specifies the mode for automatic identity assignment for Epic SER provider accounts added to the database outside synchronization. |
|
TargetSystem | EPC | SER | PersonAutoDisabledAccounts |
This configuration parameter specifies whether identities are automatically assigned to disable Epic SER provider accounts. Epic SER provider accounts do not obtain an account definition. |
|
TargetSystem | EPC | SER | PersonAutoFullSync |
This configuration parameter specifies the mode for automatic identity assignment for Epic SER provider accounts added to or updated in the database through synchronization. |
|
TargetSystem | EPC | SER | PersonExcludeList |
List of all Epic SER provider accounts for which automatic identity assignment should not take place. Names are listed in a pipe (|) delimited list that is handled as a regular search pattern. Example: ADMINISTRATOR |
| TargetSytem |EPC|SubTemplateDefaultPriority | This configuration parameter specifies the SubTemplate default priority to be assigned for direct and base tree assignments. the default value is set to 4 and can be updated. |
| TargetSystem|EPC| SubTemplateMatrixPriority |
This parameter specifies the Epic Sub template default priority for SecurityMatrix assignments. The default value is 1 and can be updated. |
| TargetSystem|EPC| AutoSetAppliedEMPTemplate |
If a user receives an Epic EMP template through base tree or SecurityMatrix inheritance and AutoSetAppliedEMPTemplate parameter value is 1, then the Epic EMP template is automatically set as the Applied and Default Epic EMP template for the user. The default value is set to 0 and can be updated. |
|
TargetSystem | EPC | Accounts | NotRequirePassword |
This configuration parameter determines whether a password is generated for the user. If this configuration parameter is set to 1 then no password is generated for the user. If this configuration parameter is not set to 1 and the Initial Random Password configuration parameter is enabled, then a password is generated for the user. The default value of this configuration parameter is set to 1. |
© 2024 One Identity LLC. ALL RIGHTS RESERVED. Terms of Use Privacy Cookie Preference Center
