- DarkLight
- PDF
Configuration and Installation
Epic Configuration
These steps need to be completed regardless as to whether Epic will be running on a Citrix server or installed locally:
Plugin Installation and Configuration
These steps will depend on your desired implementation
- Plugin Installation
- Plugin Configuration
- Hyperspace Configuration
- AutoLaunch
- Slingshot Configuration
- SAML Configuration
- Community Connect Configuration
- Narrator Workflow
Authentication Device (EpicAuth) Configuration
To create and configure Identity Automation's authentication devices in Hyperdrive, please have your Epic TS follow the directions in the 3rd Party Authentication Setup section in the Authentication Setup and Support Guide. This guide is maintained and supported by Epic and has directions on setting up a 3rd-party authentication device E0G records and configuring it in Authentication Administration to allow Hyperdrive to use an authentication device.
While using the Guide, use the following Identity Automation ProgIDs:
- Use IA.Hyperdrive.ProxCard if setting up a primary authentication device.
- IMPORTANT: Epic's Default Login (0) device should be added to the Primary Device setting after the IA.Hyperdrive.ProxCard device.
- Use IA.Hyperdrive.ProxCardPassive for setting up a passive authentication device.
- IA.Hyperdrive.ProxCardPassive is only supported in the Integrated Narrator workflow. If using Standalone, then IA.Hyperdrive.ProxCard will be used.
- Use Epic's documentation for the context in which this should be configured.
- This device requires that the IA.Hyperdrive.ProxCard device has been configured for primary authentication.
- You only need to configure the passive/secondary auth E0G record if your organization is currently using our integration for these workflows.
- IA.Hyperdrive.ProxCardPassive is only supported in the Integrated Narrator workflow. If using Standalone, then IA.Hyperdrive.ProxCard will be used.
Interconnect OAuth2 Configuration
There are two different ways you can configure Interconnect OAuth2 back-end service:
- OPTION 1- you can set a default user to associate with all external applications.
- OPTION 2- you can use a different user for each external client (such as Identity Automation Auth Plugin).
Contact your Epic TS for detailed instructions and more information about adding and configuring
Here is a sample of how you might configure Interconnect and OAuth2:
- You create a new background user (no specific security points or classes are needed).
- Associate the new background user with the Interconnect OAuth2 back-end service.
- OPTION 1- If you would like to use the default user for all external clients, then within the Interconnect Administrator's menu, select OAuth2 Management, then Edit System Settings and set the default user.
- OPTION 2- If you would like to use a specific user for the** Identity Automation Auth Plug-in** then you'll need to create an entry for our external app and enter that specific user there. Please work with your Epic TS to determine these values.
2. Enter HealthCast Epic Authentication in the "External Client" column.
3. Specify the User (EMP) record in the "Associated User" column.
Turn off the Pause Form
The Pause Form must be turned off to allow users to tap in. Use the following command to run in the Epic Operational Database to complete this task:
d ^%ZeUSTBL > Security > Login Settings > Client Login Settings >
Always show pause form on secure? No
Plugin Installation
Follow these steps to install the Identity Automation Auth Plugin on a computer (either a Citrix server or a local workstation):
- Run Identity Automation ProxCard Epic Login Device.msi (available from Healthcast Product Downloads page.
- Import the .PFX file which was generated in Getting Started - Create Keys section to the Local Machine certificate store (for test systems, use the non-prod .PFX file; for production systems use the prod .PFX file)
- Import the .PFX file into the Local Machine\Personal\Certificates store.
- While importing, ensure the private key is NOT marked as exportable in the import options.
- Import the .PFX file into the Local Machine\Personal\Certificates store.
- Run the IA.EpicAuth.RegisterClient.exe tool located in the installation folder as a local administrator. This will load the Client Registration tool
1. The tool will prompt you for:
1. Org ID
1. Org ID can be determined based on the Epic config file name found in the Hyperdrive Config folder (default C:\Program Files (x86)\Epic\Hyperdrive\Config).
1. If the file name is 100Config.json, for instance, then your Org ID is 100
2. Environment:
1. Environment also comes from the configuration .json file (e.g. 100Config.json) for your organization.
2. In the example below (from a configuration .json file), the Environment name is "Testing"
"Environments": { "Testing": { "DisplayName": "Current Testing", "HSWebServerURL": "https://fhir.epic.com/HSWeb_uscdi" }
3. Click the Register Client button.
1. This will start Hyperdrive/Hyperspace, which will be used to complete the registration process.
1. Hyperspace will run for approximately 30 seconds.
2. If successful, a message will appear that shows Registration Succeeded.
3. Close the message box.
4. Close the RegisterClient tool.
5. Close Hyperspace.
6. Click through any additional prompts to complete the installation.
Plugin Configuration
Hyperspace Configuration
- Update the HyperspacePathExeName setting in the registry to reflect the Hyperspace directory path
- Update the HyperspaceParams setting in the registry to reflect any parameters that need to be included (such as the environment) when launching Hyperspace
HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\eXactACCESS\TFA Settings\HyperspaceConfiguration1
HyperspaceParams
HyperspacePathExeName
WarpDriveConnector
AutoLaunch
To enable automatic launching of Hyperspace when a user logs in, update (or create) these settings in the registry:
[HKLM\Software\HealthCast\eXactACCESS\TFA Settings]
HyperspaceWindowTitle=Hyperspace
HyperspaceWindowClass=Chrome_
The default for this setting is "Hyperspace", but it could be different in your environment. Please ensure the correct HyperspaceWindowTitle is set here.
Slingshot Configuration
SAML Configuration
Community Connect Configuration
- Storefront is the only configuration supported with Community Connect
- The local endpoints need to have a Community Connect user defined
- HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\hciepicsessionmgr
1.