The One Identity Manager Healthcare Integration module for Epic connects to Epic Healthcare systems and helps manage the Healthcare system identities and their access policies from One Identity Manager. Identity and Access Governance processes such as attestation, Identity Audit, user account management and system entitlements, IT Shop, or report subscriptions can be used for Epic Healthcare systems. The integration provides a single place to manage Epic Healthcare identities and their access policies, and ensures strong identity governance.
One Identity Manager provides company employees with the necessary user accounts. You can use different mechanisms to connect employees to their user accounts. You can also manage user accounts independently of employees.
To access Epic Healthcare system data, the Epic Healthcare system connector is installed on a synchronization server. The synchronization server ensures that the data is compared between the One Identity Manager database and Epic Healthcare system. The Epic Healthcare system connector uses the Epic web services for accessing Epic Healthcare system data.
At a high level, the Healthcare Integration Module for Epic provides the following two features leveraging the Epic web services
The following users are used in Epic Healthcare system administration.
| Users | Task |
|---|---|
| Target system administrators | Target system administrators must be assigned to the Target systems \| Administrators application role. Users with this application role |
| Target system managers | Target system managers must be assigned to Target systems \| Epic or a sub-application role. Users with this application role |
| One Identity Manager administrators | |
| Administrators for the IT Shop | Administrators must be assigned to the Request & Fulfillment \| IT Shop \| Administrators application role. Users with this application role |
| Product owner for the IT Shop | Product owners must be assigned to the Request & Fulfillment \| IT Shop \| Product owner application role or a child application role. Users with this application role |
| Administrators for Organizations | Administrators must be assigned to the application role Identity Management \| Organizations \| Administrators. Users with this application role |
| Business roles administrators | Administrators must be assigned to the application role Identity Management \| Business roles \| Administrators. Users with this application role |
User accounts are mapped incorrectly to Employee if the matching criteria field contains NULL values. The KB article https://support.oneidentity.com/identity-manager/kb/328284 provides the fix for this issue. Follow the instructions in the KB article and install the fix.
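The failure mode described above, as an added illustration. This is not One Identity Manager code and not the KB fix. The record layout, the `email` matching field and the function names are hypothetical, and the data is constructed. It contrasts a matcher that treats two missing values as equal with one that matches only on present, unique values and sends everything else to review.

```python
# Added illustration: hypothetical records and field names, not One Identity Manager code.
from collections import defaultdict

def _key(value):
    """Normalize a matching value; None, '' and whitespace-only count as missing."""
    if value is None:
        return None
    value = str(value).strip().lower()
    return value or None

def match_naive(accounts, employees, field):
    """Failure mode: a missing value on both sides compares equal, so it 'matches'."""
    result = {}
    for acc in accounts:
        for emp in employees:
            if acc.get(field) == emp.get(field):
                result[acc["account"]] = emp["employee"]
                break
    return result

def match_safe(accounts, employees, field):
    """Match only on present, unique values; return (matches, accounts needing review)."""
    index = defaultdict(list)
    for emp in employees:
        k = _key(emp.get(field))
        if k is not None:
            index[k].append(emp["employee"])
    matches, review = {}, []
    for acc in accounts:
        k = _key(acc.get(field))
        candidates = index.get(k, []) if k is not None else []
        if len(candidates) == 1:
            matches[acc["account"]] = candidates[0]
        else:
            review.append(acc["account"])  # missing, unknown or ambiguous key
    return matches, review

# Constructed sample data
EMPLOYEES = [
    {"employee": "E100", "email": None},
    {"employee": "E200", "email": "jdoe@example.org"},
]
ACCOUNTS = [
    {"account": "EMP-1", "email": "jdoe@example.org"},
    {"account": "EMP-2", "email": None},
]
```

With the sample data, the naive matcher links account `EMP-2` to employee `E100` only because both have no value, while the safe matcher leaves `EMP-2` unassigned for manual review.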
The following are the Epic Healthcare system prerequisites:
Epic version supported: May 2019, August 2020, May 2020, February 2020
NOTE: Earlier Epic versions should also be supported, but the module has not been officially tested against them.
Epic web services: Epic’s SOAP 1.1 version of web services should be enabled and accessible. The Epic system’s Personnel management and demographics (user) web services should be enabled for access.
Epic web services credentials: Valid credentials that have access to the Epic web services.
Client ID: A valid Epic Client ID that has access to Epic’s personnel management and demographics (user) web services. One Identity's Production and Non-Production Epic Client IDs can be used if they are enabled for accessing the Epic web services. One Identity's Epic Client IDs can be found in the EPCEpicConfig.xml file on the One Identity Manager workstation.
EMP User, EMPTemplate and SubTemplate reports: The master lists of all EMP users, EMPTemplates and SubTemplates need to be exported from Epic into separate CSV files and provided to the Epic connector. Contact Epic for information on how to automate the report generation process.
Epic EMP items need to be unlocked: Epic EMP user attributes that need to be managed from One Identity Manager must be unlocked by Epic’s Data Courier team. The list of attributes along with the EMP item numbers is provided in the section Epic EMP User Accounts. Unlock the EMP user items that you want serviced from One Identity Manager.
For more information about report format, see
To load One Epic EMP users, EMPTemplates and SubTemplates into the One Identity Manager database for the first time
NOTE: Ensure that the Job server has the machine role of Epic and job server function of Epic connector.
For more information, see