Checking Passwords
When you test a password, all the password policy settings, custom scripts and the restricted passwords are taken into account.
To test whether a password conforms to the password policy
1. Select Epic healthcare | Basic configuration data | Password policies in One Identity Manager.
2. Select the password policy in the result list.
3. Select Change master data.
4. Select the Test tab.
5. Select the table and object to be tested in Base object for test.
6. Enter a password in Enter password to test.
A display next to the password shows whether it is valid or not.
Testing generation of a password
When you generate a password, all the password policy settings, custom scripts and the restricted passwords are taken into account.
To generate a password that conforms to the password policy
1. Select Epic healthcare | Basic configuration data | Password policies in One Identity Manager.
2. Select the password policy in the result list.
3. Select Change master data.
4. Select the Test tab.
5. Click Generate.
This generates and displays a password.
Initial password for Epic User Account
You have the following possible options for issuing an initial password for a new Epic user account.
- Create user accounts manually and enter a password in their master data.
- Assign a randomly generated initial password to enter when you create user accounts.
  - Enable the TargetSystem | EPC | Accounts | InitialRandomPassword configuration parameter in Designer.
  - Apply target system specific password policies and define the character sets that the password must contain.
  - Specify which identity will receive the initial password by email.
- Use the identity's central password. The identity's central password is mapped to the user account password. For more information about an identity's central password, see One Identity Manager Identity Management Base Module Administration Guide.
Email notification about login data
You can configure the login information for new user accounts to be sent by email to a specified person. In this case, two messages are sent: one with the user name and one with the initial password. Mail templates are used to generate the messages. The mail text is defined in several languages in a mail template, which means the recipient's language can be taken into account when the email is generated. The default installation supplies mail templates that you can use to configure the notification procedure.
Prerequisites
The following prerequisites must be fulfilled in order to use notifications:
1. Ensure that the email notification system is configured in One Identity Manager. For more information, see the One Identity Manager Installation Guide.
2. In Designer, enable the Common | MailNotification | DefaultSender configuration parameter and enter the sender address for sending the email notifications.
3. Ensure that all identities have a default email address. Notifications are sent to this address. For more information, see the One Identity Manager Identity Management Base Module Administration Guide.
4. Ensure that a language can be determined for all identities. Only then can they receive email notifications in their own language. For more information, see the One Identity Manager Identity Management Base Module Administration Guide.
When a randomly generated password is issued for the new user account, the initial login data for a user account is sent by email to a previously specified person.
To send initial login data by email
1. In the Designer, activate the configuration parameter TargetSystem | Epic healthcare | Accounts | InitialRandomPassword.
2. In the Designer, activate the configuration parameter TargetSystem | Epic healthcare | Accounts | InitialRandomPassword | SendTo and enter the recipient of the notification as a value.
3. In the Designer, activate the configuration parameter TargetSystem | Epic healthcare | Accounts | InitialRandomPassword | SendTo | MailTemplateAccountName.
By default, the message sent uses the mail template Identity - new user account created. The message contains the name of the user account.
4. In the Designer, activate the configuration parameter TargetSystem | Epic healthcare | Accounts | InitialRandomPassword | SendTo | MailTemplatePassword.
By default, the message sent uses the mail template Identity - initial password for new user account. The message contains the initial password for the user account.
NOTE: Change the value of the configuration parameter in order to use custom mail templates for these mails.
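The prerequisites and the four activation steps above can be verified together before the first account is provisioned. The following is an added example, not part of the product or of this guide: it assumes a semicolon-separated export of configuration parameters and identities (the layout, the sample rows and the function names are constructed for illustration) and uses the parameter paths as written in the procedure steps.

```python
import csv
import io

BASE = "TargetSystem | Epic healthcare | Accounts | InitialRandomPassword"
# Parameter path -> True if the procedure also requires a value to be entered.
REQUIRED = {
    "Common | MailNotification | DefaultSender": True,
    BASE: False,
    BASE + " | SendTo": True,
    BASE + " | SendTo | MailTemplateAccountName": False,
    BASE + " | SendTo | MailTemplatePassword": False,
}

# Constructed sample data in an assumed export layout (not a product format).
PARAMS_CSV = """path;enabled;value
Common | MailNotification | DefaultSender;1;idm-noreply@example.test
TargetSystem | Epic healthcare | Accounts | InitialRandomPassword;1;
TargetSystem | Epic healthcare | Accounts | InitialRandomPassword | SendTo;1;
TargetSystem | Epic healthcare | Accounts | InitialRandomPassword | SendTo | MailTemplateAccountName;1;Identity - new user account created
TargetSystem | Epic healthcare | Accounts | InitialRandomPassword | SendTo | MailTemplatePassword;0;Identity - initial password for new user account
"""
IDENTITIES_CSV = """identity;default_email;language
Alex Example;alex@example.test;en-US
Sam Sample;;de-DE
Kim Test;kim@example.test;
"""

def load(text):
    """Parse one of the assumed exports into a list of row dictionaries."""
    return list(csv.DictReader(io.StringIO(text), delimiter=";"))

def check_parameters(rows):
    """Report each required parameter that is disabled, missing or left empty."""
    by_path = {r["path"].strip(): r for r in rows}
    findings = []
    for path, needs_value in REQUIRED.items():
        row = by_path.get(path)
        if row is None or (row["enabled"] or "").strip() != "1":
            findings.append(f"not enabled: {path}")
        elif needs_value and not (row["value"] or "").strip():
            findings.append(f"enabled but no value: {path}")
    return findings

def check_identities(rows):
    """Report identities that cannot receive a localized notification."""
    findings = []
    for r in rows:
        if not (r["default_email"] or "").strip():
            findings.append(f"{r['identity']}: no default email address")
        if not (r["language"] or "").strip():
            findings.append(f"{r['identity']}: no language can be determined")
    return findings

if __name__ == "__main__":
    for f in check_parameters(load(PARAMS_CSV)) + check_identities(load(IDENTITIES_CSV)):
        print("FINDING:", f)
```

With the constructed sample, the check reports the empty SendTo recipient and the disabled MailTemplatePassword parameter, a combination in which the account-name message is configured but the password message is not.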
Target system managers
A default application role exists for the target system manager in One Identity Manager.
Assign the identities who are authorized to edit all tenants in One Identity Manager to this application role.
Define additional application roles if you want to limit the edit permissions for target system managers to individual tenants. The application roles must be added under the default application role.
For more information about implementing and editing application roles, see the One Identity Manager Authorization and Authentication Guide.
Implementing application roles for target system managers
1. The One Identity Manager administrator assigns identities to be target system managers.
2. These target system managers add identities to the default application role for target system managers.
Target system managers with the default application role are authorized to edit all tenants in One Identity Manager.
3. Target system managers can authorize other identities within their area of responsibility as target system managers and if necessary, create additional child application roles and assign these to individual connections.
Default Application Roles for Target System Managers
Table 15: Default Application Roles for Target System Managers
Users | Tasks |
Target system managers |
Target system managers must be assigned to Target systems | Epic or a sub-application role.
Users with this application role:
• Assume administrative tasks for the target system.
• Create, change or delete target system objects, like user accounts, and update the EMPTemplates or SubTemplates.
• Edit password policies for the target system.
• Prepare groups for adding to the IT Shop.
• Create identities with an identity that differs from the Primary identity.
• Configure synchronization in the Synchronization Editor and define the mapping for comparing target systems and One Identity Manager.
• Edit the synchronization's target system types and outstanding objects.
• Authorize other identities within their area of responsibility as target system managers and create child application roles if required. |
To initially specify identities to be target system administrators
1. Log in to One Identity Manager as Manager administrator (Base role | Administrators).
2. Select One Identity Manager Administration | Target systems | Administrators.
3. Select Assign identities.
4. Assign the identity you want and save the changes.
To add the first identities to the default application role as target system managers
1. Log in to One Identity Manager as Target System Administrator (Target systems | Administrators).
2. Select One Identity Manager Administration | Target systems | Epic healthcare.
3. Select Assign identities in the Task view.
4. Assign the identities you want and save the changes.
To authorize other identities as target system managers when you are a target system manager
1. Log in to One Identity Manager as target system manager.
2. Select the application role in Epic healthcare | Basic configuration data | Target system managers.
3. Select Assign identities.
4. Assign the identities you want and save the changes.
To specify target system managers for individual clients
1. Log in to One Identity Manager as target system manager.
2. Select Epic healthcare | Connections.
3. Select the client from the result list.
4. Select Change master data.
5. On the General tab, select the application role in the Target system manager menu.
- OR -
Next to the Target system manager menu, click to create a new application role.
a. Enter the application role name and assign the Target systems | Epic healthcare parent application role.
b. Click OK to add the new application role.
6. Save the changes.
7. Assign identities to this application role who are permitted to edit the client in One Identity Manager.
Related Topics
One Identity Manager users for managing an Epic health care system