Configuring the Integration for Epic Client to Use IdP Authentication

Platform: OnBase
Product: Integration for Epic
Release: Foundation 22.1
License: Essential, Standard, Premier

The Integration for Epic requires a configured IdP client connection when using Epic Hyperdrive with a SMART on FHIR integration.

Note: The Integration for Epic requires the OnBase Application Server to communicate with OnBase. You must also configure the Application Server to use IdP authentication. See the topic on configuring the Application Server to use IdP authentication in the Integrating With Hyland IAM Services documentation.

To configure the Integration for Epic Client to use IdP authentication:

  1. Configure a client connection on the Hyland IdP server for the Integration for Epic Client to use. The client connection must have the following settings, as well as any standard required settings. All other settings can be left with the default values.
    Setting | Description
    Protocol Type | oidc
    Redirect URLs | The URLs to the login.aspx page of the OnBase Web Viewer and DeficiencyPop.

    Note: If DeficiencyPop is not used with the Integration for Epic environment, only the URL to the login.aspx page of the OnBase Web Viewer is required.

    The following is an example of a login.aspx page of the OnBase Web Viewer:

    If your domain for the OnBase Web Viewer is my.domain, and the Integration for Epic application name is OnBaseWebEpic, then the URL is:

    https://my.domain/OnBaseWebEpic/healthcarewebviewer/login.aspx

    The following is an example of a login.aspx page of DeficiencyPop:

    If your domain for DeficiencyPop is my.domain, and the DeficiencyPop application name is OnBaseWebDefPop, then the URL is:

    https://my.domain/OnBaseWebDefPop/login.aspx

    Allowed Grant Type | Select Token Exchange and Addendum Exchange
    Allowed Scopes | openid
    Allow users to log in locally | Select Allow users to log in locally
    Post Logout Redirect URLs | The URLs to the logout.aspx page of the OnBase Web Viewer and DeficiencyPop.

    Note: If DeficiencyPop is not used with the Integration for Epic environment, only the URL to the logout.aspx page of the OnBase Web Viewer is required.

    The following is an example of a logout.aspx page of the OnBase Web Viewer:

    If your domain for the OnBase Web Viewer is my.domain, and the Integration for Epic application name is OnBaseWebEpic, then the URL is:

    https://my.domain/OnBaseWebEpic/healthcarewebviewer/logout.aspx

    The following is an example of a logout.aspx page of DeficiencyPop:

    If your domain for DeficiencyPop is my.domain, and the DeficiencyPop application name is OnBaseWebDefPop, then the URL is:

    https://my.domain/OnBaseWebDefPop/logout.aspx

    Front Channel Logout requires session ID | Select Front Channel Logout requires session ID
    Back Channel Logout requires session ID | Select Back Channel Logout requires session ID
    Access Token Type | Jwt
    Include user claims in ID tokens | Select Include user claims in ID tokens
    Client secret must be present | Select Client secret must be present
  2. Configure a client secret with a Value that is the plain-text value of the word or phrase configured as the client secret for the Integration for Epic Hyperdrive environment, and set the Type to Shared Secret.
    Note: Remember the plain-text value for use with further configuration in this procedure. The plain-text value entered is converted to a hash of the value when the client connection is saved, but the value passed from the Integration for Epic must still be plain text.
  3. Save the client connection. The Client ID value is automatically populated.
  4. Copy the Client ID value to the clipboard by clicking the icon at the right of the Client ID field. You will need this value for
  5. Recycle the application pool of the Hyland IdP server in IIS for any configuration changes on the Hyland IdP server to take effect.
  6. Next, complete the instructions under
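
The following is an added example, not Hyland code: it derives the Redirect URLs and Post Logout Redirect URLs from the URL pattern in step 1 and audits a list copied by hand from the client connection, so that a stray `http://`, wildcard, or extra entry is caught before the connection goes live. The function names, the exact-string comparison, and the sample list are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Sub-path of the OnBase Web Viewer, taken from the example URLs in step 1.
VIEWER_PATH = "healthcarewebviewer"


def expected_urls(domain, viewer_app, defpop_app=None):
    """Return (redirect_urls, post_logout_urls) as sets, following step 1's pattern."""
    bases = [f"https://{domain}/{viewer_app}/{VIEWER_PATH}"]
    if defpop_app:  # DeficiencyPop entries are only needed when it is in use
        bases.append(f"https://{domain}/{defpop_app}")
    return ({f"{b}/login.aspx" for b in bases},
            {f"{b}/logout.aspx" for b in bases})


def audit(configured, expected):
    """Compare a configured URL list with the expected set; return a list of findings."""
    findings = []
    for url in configured:
        parts = urlsplit(url)
        if parts.scheme != "https":
            findings.append(f"not https: {url}")
        if "*" in url:
            findings.append(f"wildcard: {url}")
        if parts.query or parts.fragment:
            findings.append(f"query or fragment present: {url}")
        if url not in expected:  # assumption: entries must match exactly
            findings.append(f"unexpected entry: {url}")
    for url in sorted(expected - set(configured)):
        findings.append(f"missing: {url}")
    return findings


if __name__ == "__main__":
    # Constructed sample: values as an administrator might have typed them.
    configured_redirects = [
        "https://my.domain/OnBaseWebEpic/healthcarewebviewer/login.aspx",
        "http://my.domain/OnBaseWebDefPop/login.aspx",
    ]
    login, logout = expected_urls("my.domain", "OnBaseWebEpic", "OnBaseWebDefPop")
    for finding in audit(configured_redirects, login):
        print(finding)
```

Run the same `audit` call against the Post Logout Redirect URLs with the second set returned by `expected_urls`.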