HealthCast EPCS Install on Citrix
  • 26 Apr 2023
  • 4 Minutes to read
  • Contributors
  • Dark
    Light
  • PDF

HealthCast EPCS Install on Citrix

  • Dark
    Light
  • PDF

Article summary

HealthCast EPCS Install on Citrix

Obtaining the API Key

In order to install HealthCast EPCS on Citrix, the API key first needs to be generated from the RapidIdentity MFA Server.

Follow these steps on obtaining the API Key needed to continue with the installation on Citrix.

  1. Log into the RapidIdentity MFA Server and click on the Clients tab.
  2. Select All Clients under the Lookup section on the left-hand side.
  3. Select the appropriate Workstation GUID that was initially set up in the enrollment.
  4. When the Client Details screen populates, click on the Edit button          
  5. Check the box for Approved for API Calls.          
  6. Click Save.

The API Key needed to continue with installing HealthCast EPCS on Citrix is the information in the Workstation ID field.

Installing HealthCast ExactAccess ('XA') Client on Citrix

Complete the HealthCast EPCS installation on Citrix by installing the HealthCast XA Client by following these steps.

Note
If the XA Client is already installed, run "C:\Program Files (x86)\HealthCast\ExactAccess\XAClientConfigure.exe" and ensure that an audit server is configured in the "auditSERVER" tab to match step 5c and skip the steps listed in this section.

These steps focus on setting up the XA Client to configure an audit server. Please visit the HealthCast XA documentation for details on Installation and configuration options.

  1. Open a command window as an administrator.
  2. Change the directory to where the "HealthCast ExactAccess Client x64.msi" file is located.
  3. Run the following command line: "HealthCast ExactAccess Client x64.msi"
  4. The InstallShield Wizard Welcome Screen will populate. Click Next.
  5. Click Next on the Installation Wizard screen.
  6. The HealthCast XA Client is ready to install. Click Install.
  7. The XA Client Configuration screen will populate when the installation is completed successfully. Make the following changes to this section.
    1. On the General tab, click Change Mode and change it to Kiosk and click OK.
    2. This will populate the Kiosk Mode tab. Uncheck the boxes next to Enable Remote Authentication and Kiosk Mode supports locking the workstation.
    3. Scroll through the tabs to get to the auditSERVER tab.
    4. Click the (+) button to enter the name of the auditSERVER servers being added. Click OK.
    5. Click on Test Connection to ensure it succeeds and click OK.
  8. Wait for the installation to complete successfully and press Finish once the Installation Completed screen populates.
  9. Click Yes to restart the system for the changes to take effect or click No to restart later.

Once the workstation is restarted, the HealthCast ExactAccess Client will be successfully installed on Citrix.

Installing RapidIdentity EPCS Plug-in for Epic on Citrix

The RapidIdentity EPCS Plug-in for Epic file needs to be installed on Citrix. Follow these steps to install the file.

  1. Open a command window as an administrator.
  2. Change the directory to where the "RapidIdentity EPCS plug-in for EPIC x64.msi" file is located.
  3. Run the following command line: "RapidIdentity EPCS plug-in for EPIC x64.msi" RI_APIKEY=40008a00-d066-4010-224c-01231d833006 RI_URL="https://auth01.demo.local/oneservice/ValidateService.asmx" RI_DD=demo
    1. Substitute your generated API key for RI_APIKEY
    2. Substitute your server URL for the machine running the MFA Authentication server for RI_URL
    3. Substitute your actual user authentication domain for RI_DD
Note

The API key shown in this step serves as an example and is not the key that would be used in this installation. The API key is unique to each install.

  • Enter the API key obtained.
  1. The InstallShield Wizard Welcome Screen will populate; click Next.
  2. The next screen that populates is the Destination Folder. Click Next to continue or select the folder in which the plug-in will be installed and then click Next.
  3. Click Install to begin this process.
  4. The InstallShield Wizard Complete screen will appear when the installation is complete. Click Finish.

The RapidIdentity EPCS plug-in for Epic is now installed on Citrix.

Post Installation steps for using RapidIdentity EPCS Plug-in for Hyperdrive

In order to use the RapidIdentity EPCS Plug-in with Hyperdrive the following additional steps will need to be completed.  

1. Generate the EPCS SAML keys

These steps are used to generate a SAML authorization token for the EPCS integration, which is required by Hyperdrive.  This step can be done on a machine other than the Citrix machine.  This step is not required for EPCS when integrating with the older Hyperspace (VB) versions.

  1. Install the Epic Authentication plugin v4.1.0 or greater.  This installation is normally used for Identity Automation's primary authentication integration with Epic Hyperdrive, but also contains additional tools.
  2. Run IA.EpicAuth.Key.Generator.exe located in installation directory (default C:\Program Files (x86)\Identity Automation\EpicAuth) 
  3. Click Create EPCS Key
  4. Change output path as desired.
  5. Input password and confirmation password information
  6. Click Create SAML Key
  7. Close out of the Key Generator screens.
  8. Store the resulting certificates in a safe place, and record the password carefully and securely.

This process will create two files, located in the output path.  "IA Epic Hyperdrive SAML.cer" (the public key), and "IA Epic Hyperdrive SAML.pfx" (the private key).

2. Install the EPCS SAML Keys

  1. The private key will need to be imported on machines using the EPCS plugin.  It should be imported into the Local Computer certificate store and should be imported into the Personal store.  If you are using Citrix to run Hyperdrive, then each Citrix machine should have the private key imported.  If you are running Hyperdrive on workstation endpoints directly (not through Citrix) then you will need to install the certificate on each workstation.
  2. The Epic 3rd party authentication device E0G records associated with EPCS will need to be changed to include the public key generated above.  The ProgIDs for the affected records are RIBiometric.riBio and RIPingMe.RIToken.  Your Epic TS will have additional information on how to set this up.  Key points for E0G device records are noted here.
    1. Platforms should show "Full Client", and "Hyperspace Web"
    2. On the Desktop Settings screen:
      1. ProgID: RIPingMe.RIToken  OR RIBiometric.riBio
      2. Hyperdrive ProgID can be left blank as the EPCS plugin supports both Hyperspace Classic Client (Full Client) and Hyperdrive (Hyperspace Web) and does not require a Hyperdrive specific ProgID
    3. On Web Device Settings screen:
      1. Token Type: SAML 2
      2. SAML Issuer:
        1. For RIPingMe use "IA Epic Hyperdrive SAML" 
        2. For RIBiometric use "IA Epic Hyperdrive Biometric SAML"
      3. SAML Key File: [path on Unix server to the public key generated above]
        1. This certificate will need to be installed on all operational database servers and User Application servers (if ECP)
        2. The public certificate file needs to be reformatted with Unix style line endings

3. Using EPCS with EpicAuth ProxCard authentication

In order to use EPCS alongside EpicAuth ProxCard authentication, installation of EpicAuth v4.1.0 or above is required.







Was this article helpful?