Setting External User ID on Epic EMP user creation
The External User ID can be set either by letting Epic autogenerate the ID or the customer can manually set the ID.
If the ID needs to be autogenerated by Epic, then a temporary unique id of the format OneIM_Autogenerated_GUID is automatically created on user account creation. The connector reads the ID and checks if it is an auto generated string of the format OneIM_Autogenerated_GUID. If that is the case, it lets Epic generate the ID for the user. The Epic generated ID is then resynched back in to OneIM.
If the Epic Admin needs to enter the ID manually on user creation, admin can disable the UserExternalID column's value template that generates the unique id in the designer. The admin can then manually set the ID on user creation.
Security Matrix
Entitlements in Epic, including the EMPTemplate and SubTemplates, are assigned to the Epic users based on one or more attributes associated with the Identity. Security matrix is a table that consists of entitlements grouped with one or more attributes of the Identity, which mostly consist of organizational attributes.
One Identity Manager out of the box provides capabilities to assign these entitlements, including the EMPTemplates and SubTemplates, to organizations or business roles. This allows all user accounts linked to person Identities that belong to these organizations to automatically inherit the respective entitlements. Maintenance of such assignments becomes difficult while dealing with a combination of business roles as dynamic groups. Several dynamic group calculations also degrade the overall performance of assignments. In this scenario, configuring entitlements for the combination of One Identity Manager organizations and business roles in the security matrix makes the process easier to maintain and performance effective.
Security Matrix for EMP template
Security matrix for EMPTemplate is a table that consists of EMPTemplates grouped with one or more attributes of the Identity, which mostly consist of organizational attributes.
Configuring SecurityMatrix for EMPTemplate
A mapping must be established between the Person Identity attributes and the EMPTemplate security matrix attributes to group the EMPTemplate with one or more attributes of the Identity.
This section describes the steps to define such mappings in One Identity Manager.
To define the column mappings between the Person Identity and the Security Matrix for EMPTemplate
- Open One Identity Manager and select the appropriate Epic connection that has been created.
- In the Tasks section, select the link Assign Epic EMPTemplate Matrix property mapping.
- Select the Person column and corresponding Security Matrix column from the respective drop downs for the mapping.
- Save the mappings.
NOTE: The Epic EMPTemplate security matrix has a maximum of ten Properties that can be mapped with the Person Identity. The security matrix will always apply an AND operation on the combination of properties when assigning the respective EMPTemplate.