立即与支持人员聊天
与支持团队交流

Identity Manager 9.2.1 - Epic Healthcare System Administration Guide

Managing an Epic health care system Setting up synchronization with an Epic health care system Basic Data for managing an Epic health care system Epic Connection Epic EMP User Accounts Epic EMP template Epic EMP subtemplate Epic SER Items Epic SER Provider accounts Epic SER Blueprints Epic SER Template Security Matrix Configuration parameters for managing Epic health care system Default project template for Epic

Linking Epic EMP user account to identities

The central component of One Identity Manager is to map identities and their master data with permissions through which they have control over different target systems. For this purpose, information about user accounts and permissions can be read from the target system into the One Identity Manager database and linked to identities. This gives an overview of the permissions for each identities in all of the connected target systems. One Identity Manager provides the possibility to manage Epic EMP user accounts and their permissions. You can provision modifications in the target systems. Identities are supplied with the necessary permissions in the connected target systems according to their function in the company. Regular synchronization keeps data consistent between target systems and the One Identity Manager database. Because requirements vary between companies, One Identity Manager offers different methods for supplying Epic EMP user accounts to identities.

One Identity Manager supports the following method for linking identities and their Epic EMP user accounts.

  • Identities can automatically obtain their Epic EMP user accounts using account definitions. If an identity does not yet have an Epic EMP user account in Epic, a new Epic EMP user account is created. This is done by assigning account definitions to an identity using the integrated inheritance mechanism and subsequent process handling. When you manage Epic EMP user accounts through account definitions, you can specify the way Epic EMP user accounts behave when identities are enabled or deleted.
  • When Epic EMP user accounts are inserted, they can be automatically assigned to an existing identity or a new identity can be created if necessary. In the process, the identity master data is created on the basis of existing Epic EMP user account master data. This mechanism can be implemented if a new Epic EMP user account is created manually or by synchronization. Define criteria for finding identities for automatic identity assignment.
  • Identities and Epic EMP user accounts can be entered manually and assigned to each other.

For more information, see

Editing master data for Epic EMP user account

An Epic EMP user account can be linked to an identity in One Identity Manager. You can also manage Epic EMP user accounts separately from identities.

NOTE:

  • It is recommended to use account definitions to set up Epic EMP user accounts for company identities. In this case, some of the master data described in the following is mapped through templates from identity master data.
  • If identities are to obtain their Epic EMP user accounts through account definitions, the identities must own a central Epic EMP user account and obtain their IT operating data through assignment to a primary department, a primary location or a primary cost center.

To create an Epic EMP user account

1. In One Identity Manager, select Epic health care | EMP users.

2. Click in the result list toolbar.

3. On the master data form, edit the master data for the Epic EMP user account.

4. Save the changes.

To edit master data for an Epic EMP user account

1. In One Identity Manager, select Epic health care | EMP users.

2. Select the Epic EMP user account in the result list and run Change master data.

3. Edit the Epic EMP user account's resource data.

4. Save the changes.

For more information, see

Related Topics

Account definition for Epic EMP user account and Epic SER provider account

General master data for Epic EMP user account

General master data for an Epic EMP user account

Enter the following data on General tab

Table 21: Additional Master Data for an Epic EMP User Account
Property Description
Identity

Identity that uses this Epic EMP user account. An identity is already entered if the Epic EMP user account was generated by an account definition. If you create the Epic EMP user account manually, you can select an identity in the menu. If you are using automatic identity assignment, an associated identity is found and added to the Epic EMP user account when you save the Epic EMP user account.

For an Epic EMP user account with an identity of type Organizational identity, Personalized administrator identity, Sponsored identity, Shared identity or Service identity, you can create a new identity.

To do this, click Next to the input field and enter the required identity master data. The login data required depends on the selected Employee type.

Account Definition

Account definition through which the Epic EMP user account was created. Use the account definition to automatically fill Epic EMP user account master data and to specify a manage level for the Epic EMP user account. The One Identity Manager finds the IT operating data of the assigned identity and enters it in the corresponding fields in the Epic EMP user account.

NOTE: The account definition cannot be changed once the Epic EMP user account has been saved.

Manage Level Manage level of the Epic EMP user account. Select a manage level from the menu. You can only specify the manage level if you have also entered an account definition. All manage levels of the selected account definition are available in the menu.
Account Name Template calculated value that is set to Epic EMP user’s Name.
User Account is Blocked Check this check box if Epic EMP user account is blocked.
Block status reason

Optionally select the reason why the Epic EMP user's account is blocked.

NOTE: Block status reason is a defined list of values and can be customized in the Designer

Block status comment Optional comment on why the Epic EMP user account is blocked.
First Name The first name of the Epic EMP user. If you have assigned an account definition, the input field is automatically filled with the manage level.
Last Name The last name of the Epic EMP user. If you have assigned an account definition, the input field is automatically filled with the manage level.
Middle Name The middle name of the Epic EMP user. If you have assigned an account definition, the input field is automatically filled with the manage level.
Gender Select the gender of the Epic EMP user. If you have assigned an account definition, the input field is automatically filled with the manage level.
UserExternalID Read only field. The Epic EMP user’s external id is created in Epic and synchronized back in to OneIM database.
Community ID Read only field. The Epic EMP user’s community id is created in Epic and synchronized back in to OneIM database.
Internal ID Read only field. The Epic EMP user’s internal id is created in Epic and synchronized back in to OneIM database.
System Login ID The Epic EMP user’s system login id.
Display Name Template calculated value that is set to Epic EMP user’s Name.
Name Template calculated value that is set to Epic EMP user’s Name. Once synchronization runs for the Epic EMP user, the user’s External ID is appended to the name.
User Alias The Epic EMP user’s alias.
User Notes Any notes about the Epic EMP user.
Start Date The date on which the Epic EMP user becomes active. On object creation, if you have assigned an account definition, the input field is automatically filled with the manage level.
End Date The date at which the Epic EMP user becomes inactive. If you have assigned an account definition, the input field is automatically filled with the manage level.
Contact Comment

Contact comment for the Epic EMP user. This is a Template calculated value.

NOTE:

  • The template can be customized in the Designer according to customer requirements.

  • The contact comment for Epic EMP User would be set only on user input and no default value would be applied.

Primary Manager

The user’s primary manager.

NOTE: Primary manager can be chosen only from the list of managers assigned to the user

Category Categories for the inheritance
Epic EMP template can be inherited Specifies whether the Epic EMP user can inherit Epic EMP template through Base tree inheritance via Organizations, Business Roles and ITShop.
Epic EMP Subtemplate can be inherited Specifies whether the Epic EMP user can inherit Epic EMP Subtemplate through Base tree inheritance via Organizations, Business Roles and ITShop.
IsTemplateUpdateDisabled

Specifies whether the Epic EMP template and Epic EMP Subtemplate can be inherited through SecurityMatrix approach. Select this option if Epic EMP template and Epic EMP Subtemplate inheritance should NOT happen for the user.

NOTE: Only applicable for SecurityMatrix inheritance.

DoNotSync Specifies whether the Epic EMP user information should NOT be synchronized from the target Epic system in to One Identity Manager. Select this option if Epic EMP user information should NOT be synchronized.
Privileged User Account

Specifies whether this account is a Privileged User Account.

NOTE: This option is only for governance. Setting this option does not have any impact of the target Epic system.

User account is disabled

This is a Template calculated value. Specifies whether the user account is disabled.

NOTE: The template can be customized in the Designer according to customer requirements

EMP SER Link

This field specifies the link between the Epic EMP user record and Epic SER provider record.

NOTE: The prerequisite for provisioning this field is to have the LinkedProviderIDType to be configured in the respective targets synchronization project.

Related topics

Demographic data for Epic EMP user account

Enter the following Demographic data on the Demographics tab. The demographic information listed here can be provisioned on to the target Epic system. This information is not synchronized from the target Epic system on to One Identity Manager.

Table 22: Demographics data
Property Description
Phone The Epic EMP user’s phone number. If you have assigned an account definition, the input field is automatically filled with the manage level.
Phone extension The Epic EMP user’s phone extension. If you have assigned an account definition, the input field is automatically filled with the manage level.
Contact Email The Epic EMP user’s contact Email. If you have assigned an account definition, the input field is automatically filled with the manage level.
House Number The Epic EMP user’s house number. If you have assigned an account definition, the input field is automatically filled with the manage level.
Street The Epic EMP user’s street. If you have assigned an account definition, the input field is automatically filled with the manage level.
City The Epic EMP user’s city. If you have assigned an account definition, the input field is automatically filled with the manage level.
County The Epic EMP user’s county. If you have assigned an account definition, the input field is automatically filled with the manage level.
District The Epic EMP user’s district. If you have assigned an account definition, the input field is automatically filled with the manage level.
State The Epic EMP user’s state. If you have assigned an account definition, the input field is automatically filled with the manage level.
Country The Epic EMP user’s country. If you have assigned an account definition, the input field is automatically filled with the manage level.
Zip code The Epic EMP user’s zip code. If you have assigned an account definition, the input field is automatically filled with the manage level.
相关文档

The document was helpful.

选择评级

I easily found the information I needed.

选择评级