Server Configuration for EPCS
  • 23 Nov 2022

Prior to enrolling users, there are prerequisite steps required for setup on both the RapidIdentity Server and the ExactAccess Server, as part of the EPCS configuration.

  1. Creating New Fingerprint Profile
  2. Creating New OTP Profile
  3. Creating HealthCast EPCS Authentication Sets for Users
  4. Creating an Authentication Set for Enrollment Supervisors
  5. Creating a New Role for the Enrollment Supervisor

Creating New Fingerprint Profile

In order to assign a new Profile to a Set, administrators must first create the new Profile.

Follow these steps to create a new Fingerprint Profile.

  1. In the Administration Portal in the RapidIdentity MFA Server, open Methods > Biometric and click New Profile.
  2. Enter a Name and Description and modify the criteria as needed.
  3. Select the number of fingers that will be required for the set to be used for user enrollment.
  4. Ensure that all of the boxes that follow are unchecked:
    • Require a PIN for Workstation Logon
    • Do NOT Require PIN for Workstation Unlock
    • Secure Logon Password
  5. Click Save.

The new Fingerprint Profile has been successfully created.

Changing the Number of Fingerprints

Enrollment is automatically set for three fingers. The following steps show how to change the number of fingerprints required for enrollment.

  1. In the Administration Portal in the RapidIdentity MFA Server, go to the Methods Tab > Biometrics and click Profile List.
  2. Select Edit next to the EPCS.
  3. Select the desired number in the dropdown menu next to Number of Fingers.
  4. Press Save.


Tip

The fingers with a better success rate are:

  • Thumb
  • Index
  • Middle finger


Creating New OTP Profile

Once the new Fingerprint Profile is created, administrators must now create the new OTP Profile.

Follow these steps to create a new OTP Profile.

  1. In the Administration Portal in the RapidIdentity MFA Server, open Methods > One Time Password and click New Profile.
  2. Enter a Name and Description and modify the criteria as needed.
  3. Synchronization Window: This number represents how wide the range is when the administrator searches for the OTP keys upon login.
  4. Enrollment synchronization window: This number represents how wide the range is when the administrator searches for the OTP keys upon enrollment.
  5. Base retry timeout, sec: This number represents the number of seconds RapidIdentity Server waits before allowing another attempt with the OTP Token.
  6. Max Attempts: This number represents how many attempts are allowed before the token is locked out.
    • Important:
    • Be sure to set the DEA requirements.
    • The default settings for a new OTP Policy are designed for best practices.
  7. Select the desired OTP Policy and Name, and select “NONE” in Require PIN prompt.
  8. Click Add.

The new OTP Profile has been successfully created.
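
How the Synchronization Window, Base retry timeout and Max Attempts settings interact, shown with a generic counter-based OTP validator (HOTP, RFC 4226). This is an added illustration, not RapidIdentity's code: the class and field names, the choice of HOTP, and the linearly growing retry delay are assumptions.

```python
import hashlib
import hmac
import struct

SECRET = b"12345678901234567890"  # constructed sample: RFC 4226 Appendix D test secret

def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte counter, dynamically truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

class OtpToken:
    """Server-side state for one enrolled token (hypothetical model)."""

    def __init__(self, secret, sync_window=3, base_retry_timeout=5, max_attempts=5):
        self.secret = secret
        self.counter = 0          # next counter value the server expects
        self.sync_window = sync_window
        self.base_retry_timeout = base_retry_timeout
        self.max_attempts = max_attempts
        self.failures = 0
        self.retry_after = 0.0    # earliest time another attempt is evaluated
        self.locked = False

    def verify(self, code: str, now: float) -> str:
        if self.locked:
            return "locked"
        if now < self.retry_after:
            return "throttled"    # not evaluated, so not counted as a failure
        # Synchronization window: accept the expected counter plus N look-ahead values.
        for c in range(self.counter, self.counter + self.sync_window + 1):
            if hmac.compare_digest(hotp(self.secret, c).encode(), code.encode()):
                self.counter = c + 1   # resynchronise; older codes can never match again
                self.failures = 0
                return "ok"
        self.failures += 1
        if self.failures >= self.max_attempts:
            self.locked = True    # Max Attempts reached: stays locked in this model
            return "locked"
        # Assumption: the delay grows linearly with consecutive failures.
        self.retry_after = now + self.base_retry_timeout * self.failures
        return "rejected"
```

Each extra slot in the synchronization window is one more code that is valid for a single guess, so the window size and Max Attempts should be tuned together.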

Creating HealthCast EPCS Authentication Sets for Users

The sets required for user enrollment must be initially configured in the RapidIdentity Windows Client to allow for the user enrollment process.

Authentication Combinations Supported by EPCS

There are four different authentication combinations allowed:

  • Fingerprint + push token
  • Password + fingerprint
  • Password + push token
  • Password + manual OTP

To determine these sets in the system, create new authentication sets by following these steps.

  1. Under the Administration Portal on the RapidIdentity MFA Server, go to the Sets Tab.
  2. Select New Set from the left-side menu.
  3. The Create a New Authentication Set window will populate.
  4. Select a name for the set.
  5. Add a description (optional).
  6. Select OTP from the dropdown box under Methods for Primary Access.
  7. Click Add Method.
  8. Select Fingerprint from the dropdown box under Methods for Primary Access.
  9. Click Add Method.
  10. Add AD to “Methods for Secure Workflow”.
  11. Click Add.

The User Authentication Set is now created.

Configuring the Authentication Sets

Once the sets are created, the Fingerprint and OTP profiles must be configured to not require a PIN.

  1. In the Administration Portal in the RapidIdentity MFA Client, go to the Sets Tab.
  2. Find and select the set created for HealthCast EPCS.
  3. Select the Edit button.
  4. The "Edit Authentication Set" Window will populate.
  5. Click on Edit Profiles.
  6. Select the EPCS profiles created for Fingerprint method and OTP method.
  7. Press the Save button.

This process needs to be performed on the OTP profile and the fingerprint profile.

Creating an Authentication Set for Enrollment Supervisors

Follow these steps to create an Authentication Set dedicated to Enrollment Supervisors.

  1. Under the Administration Portal on the RapidIdentity MFA Server, go to the Sets Tab.
  2. Select New Set from the left-side menu.
  3. The Create a New Authentication Set window will populate.
  4. Select a name for the set.
  5. Add a description (optional).
  6. Select AD from the dropdown box under Methods for Primary Access.

The Enrollment Supervisor Authentication Set is now created.

Creating a New Role for the Enrollment Supervisor

Create a New Role provides the capability to create new roles within the RapidIdentity MFA Server. This configuration displays as a pop-up window once Create a New Role is clicked.

The Enrollment Supervisor is the person involved in the EPCS authentication workflow who assists in the enrollment of physicians. The role for the Enrollment Supervisor needs to be created.

Along with naming the role and providing a description, there are four primary areas within the Create a New Role dialog that will need to be configured with the proper attributes that are dedicated to the Enrollment Supervisor role.

  1. In the administration portal, open the Roles Tab > click on Create a New Role.
  2. Under the Functions option, select Manage Users and Manage Reports.
  3. In the Modification section, select User.
  4. In the Assignment section, select User.
  5. In the Management section, select User.

Once these sections are completed, click Create a New Role.


Important
When creating roles and configuring their permissions, it is helpful to limit the number of administrators with full permissions to manage Authentication Methods and Sets as well as manage Roles. By limiting the scope of each role, the opportunity for an unauthorized administrator to create users and issue unauthorized credentials to users is minimized. The ability to assign a role to a user should be granted only to a security group or the highest level of an administrative user group.
