The Integration for Epic requires a configured IdP client connection when using Epic Hyperdrive with a SMART on FHIR integration.
To configure the Integration for Epic Client to use IdP authentication:
-
Configure a client connection on the Hyland IdP server for the Integration for
Epic Client to use. The client connection must have the following settings, as
well as any standard required settings. All other settings can be left with the
default values.
Setting Description Protocol Type oidc Redirect URLs The URLs to the login.aspx page of the OnBase Web Viewer and DeficiencyPop.
Note: If DeficiencyPop is not used with the Integration for Epic environment, only the URL to the login.aspx page of the OnBase Web Viewer is required.The following is an example of a login.aspx page of the OnBase Web Viewer:
If your domain for the OnBase Web Viewer is my.domain, and the Integration for Epic application name is OnBaseWebEpic, then the URL is:
https://my.domain/OnBaseWebEpic/healthcarewebviewer/login.aspx
The following is an example of a login.aspx page of DeficiencyPop:
If your domain for DeficiencyPop is my.domain, and the DeficiencyPop application name is OnBaseWebDefPop, then the URL is:
https://my.domain/OnBaseWebDefPop/login.aspx
Allowed Grant Type Select Token Exchange and Addendum Exchange Allowed Scopes openid Allow users to log in locally Select Allow users to log in locally Post Logout Redirect URLs The URLs to the logout.aspx page of the OnBase Web Viewer and DeficiencyPop.
Note: If DeficiencyPop is not used with the Integration for Epic environment, only the URL to the logout.aspx page of the OnBase Web Viewer is required.The following is an example of a logout.aspx page of the OnBase Web Viewer:
If your domain for the OnBase Web Viewer is my.domain, and the Integration for Epic application name is OnBaseWebEpic, then the URL is:
https://my.domain/OnBaseWebEpic/healthcarewebviewer/logout.aspx
The following is an example of a logout.aspx page of DeficiencyPop:
If your domain for DeficiencyPop is my.domain, and the DeficiencyPop application name is OnBaseWebDefPop, then the URL is:
https://my.domain/OnBaseWebDefPop/logout.aspx
Front Channel Logout requires session ID Select Front Channel Logout requires session ID Back Channel Logout requires session ID Select Back Channel Logout requires session ID Access Token Type Jwt Include user claims in ID tokens Select Include user claims in ID tokens Client secret must be present Select Client secret must be present -
Configure a client secret with a Value that is the
plain-text value of the word or phrase configured as the client secret for the
Integration for Epic Hyperdrive environment, and set the
Type to Shared Secret.
Note: Remember the plain text value for use with further configuration in this procedure. The plain text value entered is converted to a hash of the value when the client connection is saved, but the value passed from the Integration for Epic must still be plain text.
- Save the client connection. The Client ID value is automatically populated.
-
Copy the Client ID value to the clipboard by clicking
the icon at the right of the Client ID field. You will
need this value for
- Recycle the application pool of the Hyland IdP server in IIS for any configuration changes on the Hyland IdP server to take effect.
- Next, complete the instructions under