Chat now with support
Chat with Support

Identity Manager 9.2.1 - Epic Healthcare System Administration Guide

Managing an Epic health care system Setting up synchronization with an Epic health care system Basic Data for managing an Epic health care system Epic Connection Epic EMP User Accounts Epic EMP template Epic EMP subtemplate Epic SER Items Epic SER Provider accounts Epic SER Blueprints Epic SER Template Security Matrix Configuration parameters for managing Epic health care system Default project template for Epic

Editing search criteria for automatic identity assignment

The criteria for identity assignment are defined for the client. In this case, you specify which Epic SER provider account properties must match the identity’s properties such that the identity can be assigned to the Epic SER provider account. You can limit search criteria further by using format definitions. The search criterion is written in XML notation to the Search criteria for automatic identity assignment column (AccountToPersonMatchingRule) in the EPCRoot table. Search criteria are evaluated when identities are automatically assigned to Epic SER provider accounts. Furthermore, you can create a suggestion list for assignments of identities to Epic SER provider accounts based on the search criteria and make the assignment directly.

NOTE:

  • When the identities are assigned to Epic SER provider accounts on the basis of search criteria, Epic SER provider accounts are given the default manage level of the account definition entered in the Epic SER provider account's target system. You can customize Epic SER provider account properties depending on how the behavior of the manage level is defined. It is not recommended to make assignment to administrative Epic SER provider accounts based on search criteria. Use Change master data to assign identities to administrative user account for the respective Epic SER provider account.

  • One Identity Manager supplies a default mapping for identity assignment. Only carry out the following steps when you want to customize the default mapping.

To specify criteria for identity assignment

  1. Select Epic health care | Clients.
  2. Select the client from the result list.
  3. Select Define search criteria for identity assignment in the task view.
  4. Specify which user account properties must match with which identity so that the identity is linked to the Epic SER provider account and save the changes.
Table 39: Standard search criteria for Epic SER provider accounts and contacts
Applies to Column for Identity

Column for Epic SER provider account

Epic SER provider accounts

FirstName

FirstName

 

LastName

LastName

 

MiddleName

MiddleName

Direct assignment of identities to Epic SER provider accounts based on a suggestion list

Direct assignment of identities to Epic SER provider accounts based on a suggestion list

In Assignments, you can create a suggestion list for assignments of identities to Epic SER provider accounts based on the search criteria and make the assignment directly. Epic SER provider accounts are grouped in different views for this.

Table 40: Manual Assignment View
View Description

Suggested assignments

This view lists all user accounts to which One Identity Manager can assign an identity. All identities are shown who were found using the search criteria and can be assigned.

Assigned user accounts

This view lists all user accounts to which an identity is assigned.

Without identity assignment

This view lists all user accounts to which no identity is assigned and for which no identity was found using the search criteria.

NOTE: By double-clicking on an entry in the view, you can view the user account and identity master data.

To apply search criteria to user accounts

  1. Click Reload.

All possible assignments based on the search criteria are found in the target system for all user accounts. The three views are updated.

To assign identities directly over a suggestion list

  1. Click Suggested assignments.
    1. Click Select for all user accounts to which you want to assign the suggested identities. Multi-select is possible.

    2. Click Assign selected.

    3. Confirm the security prompt with Yes.

    4. The identities determined using the search criteria are assigned to the selected user accounts.

    – OR –

  2. Click No identity assignment.

    1. Click Select identity for the user account to which you want to assign an identity. Select an identity from the menu.
    2. Click Select for all user accounts to which you want to assign the selected identities. Multi-select is possible.
    3. Click Assign selected.
    4. Confirm the security prompt with Yes.
The identities displayed in the Identity column are assigned to the selected user accounts.

To remove assignments

  1. Click Assigned user accounts.
    1. Click Select for all user accounts to which you want to delete the identiy assignment. Multi-select is possible.

    2. Click Remove selected.

    3. Confirm the security prompt with Yes.

The assigned identities are removed from the selected user accounts.

For detailed information about defining search criteria, see the One Identity Manager Target System Base Module Administration Guide.

Related Topics

Automatic assignments of persons to Epic SER provider accounts

Provisioning Epic SER provider onto Epic

Pre-requisites

The following are the pre-requisites for provisioning Epic SER provider records into Epic.

  1. The CSV import directory configured while setting up the Synchronization project should contain the following sub directories.

    • SERProviders - The Epic SER connector creates an intermediate Json file for each SER provider record that is updated and contains all the changes made. This directory contains all these intermediate Json files.
    • SERProviders\Output - This directory contains the final Epic SER provider file that can be imported in to Epic using the Epic text console or using the ImportData Api
    • SERProviders\Archive - This directory is an archive directory and contains the intermediate Epic SER provider Json files that have been processed into the final Epic SER provider file
    • SERProviders\Output\Provisioned - If the ImportData Api is used to provision the Epic SER provider records, then this directory is needed. It would contain the Epic SER provider records provisioned into Epic using the ImportData Api
    • SERProviders\Output\Logs - If ImportData Api is used to provision the Epic SER provider records, then this directory is needed. It would contain the logs of Epic SER provider records provisioned into Epic.
  2. A new MPI ID called OneIdentityID needs to be configured in Epic. This MPI ID would be used when provisioning new Epic SER provider records into Epic.
  3. Access to the ImportData Api and GetImportDataLogs Api if the Api is used for provisioning.

Provisioning process overview

The PowerShell script EPCSERProviderJsonCreationScript.ps1 found under EPC module's PowerShellScript folder can be copied to a local folder on the workstation or job server and then be executed. This script contains the cmdlets and functions for provisioning Epic SER provider records.

Changes to Epic SER provider record are provisioned into Epic as a multi-step process. The Epic SER connector creates an intermediate Json file that contains all the Epic SER provider changes. Executing the Cmdlet New-ProviderFileForImportToEpic found in the script would create the final Epic SER Provider import File that can be imported into Epic. The cmdlet provides the option to either combine the changes in all the intermediate provider json files and create a single final import file for importing to Epic or create a separate import file for each Epic SER Provider record for importing into Epic. The final Epic SER provider import file can be imported into Epic using Epic text console or using the ImportData Api. Customers can contact Epic technical support in case they need assistance to import the Epic SER provider file into Epic.

 

IMPORTANT:

If ImportData Api is used for provisioning SER provider records in to Epic, then, the Epic import specification used during importing/provisioning the changes from One Identity Manager to the Epic target system requires each item/field to be imported with "Override" and not "Append".

 

PowerShell script EPCSERProviderJsonCreationScript.ps1 overview

The PowerShell script contains Cmdlets and functions that would create the final import file for importing into Epic. Here is the overview of the Cmdlets and functions.

  • New-ProviderFileForImportToEpic Cmdlet: This Cmdlet parses the intermediate SER Provider Json files created by the Epic SER connector and creates the final file for import into Epic. The final SER file can optionally be imported into Epic using ImportData Api by invoking New-ImportSERRecordIntoEpic Cmdlet.

  • Test-New-ProviderFileForImportToEpic function: This function can be used to test the New-ProviderFileForImportToEpic Cmdlet. To test the cmdlet, uncomment the section of the PowerShell code that calls the New-ProviderFileForImportToEpic Cmdlet in the function and then run with appropriate parameters.

  • New-ImportSERRecordIntoEpic Cmdlet: This Cmdlet provisions the final Epic SER provider file created by New-ProviderFileForImportToEpic Cmdlet into Epic by invoking the ImportData API.

  • Test-New-ImportSERRecordIntoEpic function: Test function for Test-New-ImportSERRecordIntoEpic. To test the cmdlet, uncomment the section of the PowerShell code that calls the New-ImportSERRecordIntoEpic Cmdlet in the function and then run with appropriate parameters.

  • ProviderFolderWatcher function: This function watches for SER Provider Json files in the SER Provider folder and calls the New-ProviderFileForImportToEpic cmdlet to create the final file for import into Epic and optionally import the final SER file into Epic using ImportData Api by invoking New-ImportSERRecordIntoEpic Cmdlet.

 

PowerShell script EPCSERProviderJsonCreationScript.ps1 customization

  • New-ProviderFileForImportToEpic Cmdlet: Ensure the parameters csvProviderFilePath and username & password (username & password to access the file path if secured by the same) are configured properly. If you want to automate provisioning of Epic SER provider records using Epic ImportData Api, supply the other needed parameters and the New-ImportSERRecordIntoEpic cmdlet would be invoked, and the Epic SER record would provisioned in to Epic.

  • ProviderFolderWatcher function: Ensure the parameters csvProviderFilePath and (userName & password to access the file path if secured by the same) is configured properly. If you want to automate provisioning of SER provider records using Epic ImportData Api, supply the other needed parameters

Automating SER provider records import into Epic

The end-to-end process of provisioning Epic SER provider records into Epic can be automated. The following would be the steps to automate.

  1. In the PowerShell script that has been copied to the workstation or job server, uncomment the execution of ProviderFolderWatcher function (#ProviderFolderWatcher -csvProviderFilePath '' -ErrorAction Continue)

  2. Create a windows task scheduler that would run the PowerShell script which would watch for new intermediate Epic SER provider Json files, create the final Epic SER provider Json file and import it into Epic using the ImportData Api. Steps to setup the windows task scheduler:

    1. Open windows task scheduler. Create a new folder under the task scheduler library called One Identity.

    2. Create a new task under One Identity folder that would execute the above PowerShell script.

    3. Under the general tab, make sure to check the option "Run whether user is logged in or not"

    4. Click on the Actions tab. Create a new Action. Set the following Action : Start a Program/Script: PowerShell. PowerShell.Arguments: -file: <Path to the PowerShell script>ExecutionPolicy Bypass.

      NOTE:If the PowerShell script execution policy is restrictive, contact the IT administrator to reduce the strictness or sign the PowerShell script.

      For information related to PowerShell execution policy refer to the article - https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_execution_policies?view=powershell-7.4

      For information related to signing PowerShell script refer to the article - https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_signing?view=powershell-7.4.

    5. Under settings make sure "Allow task to be run on demand" is checked and "Do not start a new instance" is selected

    6. Run the Task. Once the task is started, it keeps executing until it is stopped. The task watches the Epic SER folder for intermediate Epic SER provider Json files and creates final Epic SER provider Json file. If the script has been configured to use the ImportData Api for import into Epic, it would invoke the Api and provision the Epic SER provider record into Epic.

Disabling Epic SER provider account

The way you disable Epic SER provider accounts depends on how they are managed.

Scenario

The Epic SER provider account is linked to identities and is managed through account definitions. Epic SER provider accounts managed through account definitions are disabled when the identity is temporarily or permanently disabled. The behavior depends on the Epic SER provider account manage level. Accounts with the manage level Full managed manage level are disabled depending on the account definition settings. For Epic SER provider accounts with a manage level, configure the required behavior using the template in the EPCSERProvider.AccountDisabled column

Scenario

Epic SER provider accounts are linked to identities. No account definition is applied. Specify the desired behavior using the QER | Person | TemporaryDeactivation configuration parameter. If the configuration parameter is set, the identity’s Epic SER provider accounts are locked if the identity is permanently or temporarily disabled. If the configuration parameter is not set, the identity’s properties do not have any effect on the associated Epic SER provider accounts.

To disable the Epic SER provider account when the configuration parameter is disabled.

  1. In One Identity Manager, select Epic Healthcare | SER providers.

  2. Select the Epic SER provider account in the result list.

  3. Select Change master data.

  4. Enable Account is disabled on the General tab.

  5. Save the changes.

Scenario: User accounts not linked to identities.

To disable an Epic SER provider account that is no longer linked to an identity.

  1. In One Identity Manager, select Epic Healthcare | SER providers.

  2. Select the Epic SER provider account in the result list.

  3. Select Change master data.

  4. Enable Account is disabled on the General tab.

  5. Save the changes.

Related Topics

For detailed information about disabling and deleting identities and user accounts, see the One Identity Manager Target System Base Module Administration Guide.

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating