Configuring a Provider for the Integration for Epic - Identity and Access Management Services - Foundation 23.1 - Foundation 23.1 - Ready - OnBase - external

Integrating With Hyland IAM Services

Identity and Access Management Services
Foundation 23.1

The Integration for Epic must be configured as an OIDC-Exchange provider on the Hyland IdP server.

The following procedure describes how to configure a provider to be used with a SMART on FHIR launch of the Integration for Epic. The provider must have the settings described in this procedure as well as any standard required settings. All other settings can be left with the default values. For more information about configuring providers, see the Identity and Access Management Services documentation.

To configure a provider for the Integration for Epic:

  1. Log in to the Hyland IdP Administration client.
  2. Select the Provider tab.
  3. Click Add New. The Provider configuration page is displayed.
  4. Enter a unique name for the provider in the Name field.
  5. Select OIDC-Exchange from the Type drop-down list.
  6. Configure the following settings under Protocol:
    Setting Description
    Issuer The URL for the issuer of incoming ID tokens. This information must be obtained from Epic.
    Cache Duration in Seconds Use the default, 14400.
  7. Configure the following settings under User Attribute Mapping:
    Setting Description
    UserId epic.scanning.dmsusername
    Username epic.scanning.dmsusername
  8. Configure the following settings under User Provisioning:
    Setting Description
    Enable User Provisioning Select Enable User Provisioning
    User Provisioning Create Enabled Select User Provisioning Create Enabled
    User Provisioning Update Enabled Do not select User Provisioning Update Enabled
  9. Click Save.
  10. Recycle the application pool of the Hyland IdP server in IIS for any configuration changes on the Hyland IdP server to take effect.
  11. Next, complete the instructions under Configuring the Integration for Epic Client to Use IdP Authentication.