
Identity Manager 8.2 - Epic Healthcare System Administration Guide

Managing an Epic health care system Setting up synchronization with an Epic health care system Basic Data for managing an Epic health care system Epic EMP template Epic SubTemplate Epic Connection Epic EMP User Accounts Security Matrix Configuration parameters for managing Epic health care system Default project template for Epic

Importing the matrix directly into One Identity Manager Table

The SecurityMatrix for SubTemplate can be populated into the EPCMatrixSubTemplate table using a custom solution implemented in the customer environment.

There could be scenarios where the customer would prefer alternate sources for security matrix import other than a csv file, for example a direct interface from the Epic Database or a custom application based on their implementation.

Viewing the SubTemplate Security Matrix

The Security Matrix for SubTemplate once imported could be viewed using One Identity Manager.

To view the imported matrix

  1. In One Identity Manager and navigate to Epic connection which was created.
  2. In the Task menu click on View Epic Security Matrix for SubTemplate.

    A grid would be displayed with the SubTemplate and the corresponding Property values for Identity.

Assignment of the SubTemplate to Epic user accounts

The Epic user account can inherit SubTemplates from security matrix based on the properties mapped between the Identity and the matrix, provided that the Is Template Update Disabled flag for the user account is set to false.

The assignments inherited by the user from the Security Matrix has an XOrigin set to Matrix.

The User account SubTemplate assignments are updated in the following cases:

  1. An initial import of the data into the EPCMatrixSubTemplate table.
  2. Subsequent updated to the Security Matrix for SubTemplate.
  3. Changes to the property values of the Identity linked to the user account.
  4. Change of the Identity liked to the user account.

Configuration parameters for managing Epic health care system

The following configuration parameters are additionally available in One Identity Manager after the module has been installed.

Table 33: Additional configuration parameters available in One Identity Manager after the module has been installed
Configuration parameter Description
TargetSystem|Epic Healthcare

Preprocessor relevant configuration parameter for controlling the database model components for the administration of the target system Epic Healthcare.

If the parameter is set, the target system components are available. Changes to this parameter require the database to be recompiled.

TargetSystem|EPC|Accounts This configuration parameter permits configuration of user account data.
TargetSystem | EPC | Accounts | InitialRandomPassword

This configuration parameter specifies whether a random generated password is issued when a new user account is added.

The password must contain at least those character sets that are defined in the password policy.

TargetSystem | EPC | Accounts | InitialRandomPassword | SendTo

This configuration parameter specifies to which employee the email with the randomly generated password should be sent (manager cost center/department/location/role, employee’s manager or XUserInserted).

If no recipient can be found, the password is sent to the address stored in the TargetSystem | EPC | DefaultAddress configuration parameter.

TargetSystem | EPC | Accounts | InitialRandomPassword | SendTo |MailTemplateAccountName

This configuration parameter contains the name of the mail template sent to provide users with the login data for their user accounts.

The Employee - new user account created mail template is used.

TargetSystem | EPC | Accounts | InitialRandomPassword | SendTo | MailTemplatePassword

This configuration parameter contains the name of the mail template sent to provide users with information about their initial password.

The Employee - initial password for new user account mail template is used.

TargetSystem | EPC | Accounts | MailTemplateDefaultValues

This configuration parameter contains the mail template used to send notifications if default IT operating data mapping values are used for automatically creating a user account.

The Employee - new user account with default properties created mail template is used.

TargetSystem | EPC | DefaultAddress The configuration parameter contains the recipient's default email address for sending notifications about actions in the target system.
TargetSystem | EPC | PersonAutoDefault This configuration parameter specifies the mode for automatic employee assignment for user accounts added to the database outside synchronization.
TargetSystem | EPC | PersonAutoDisabledAccounts This configuration parameter specifies whether employees are automatically assigned to disable user accounts. User accounts do not obtain an account definition.
TargetSystem | EPC | PersonAutoFullSync This configuration parameter specifies the mode for automatic employee assignment for user accounts added to or updated in the database through synchronization.
TargetSystem | EPC | PersonExcludeList

List of all user accounts for which automatic employee assignment should not take place.

Names are listed in a pipe (|) delimited list that is handled as a regular search pattern.


TargetSytem |EPC|SubTemplateDefaultPriority This configuration parameter specifies the SubTemplate default priority to be assigned for direct and base tree assignments. the default value is set to 4 and can be updated.
TargetSystem|EPC| SubTemplateMatrixPriority

This parameter specifies the SubTemplate default priority for SecurityMatrix assignments.

The default value is 1 and can be updated.

TargetSystem|EPC| AutoSetAppliedEMPTemplate

If a user receives an EMPTemplate through base tree or SecurityMatrix inheritance and AutoSetAppliedEMPTemplate parameter value is 1, then the EMPTemplate is automatically set as the Applied and Default EMPTemplate for the user.

The default value is set to 0 and can be updated.

TargetSystem | EPC | Accounts | NotRequirePasswor

This configuration parameter determines whether a password is generated for the user. If this configuration parameter is set to 1 then no password is generated for the user. If this configuration parameter is not set to 1 and the Initial Random Password configuration parameter is enabled, then a password is generated for the user.

The default value of this configuration parameter is set to 1.


The document was helpful.


I easily found the information I needed.
