Configuration and Installation
  • 03 May 2024
  • 4 Minutes to read
  • Contributors
  • Dark
    Light
  • PDF

Configuration and Installation

  • Dark
    Light
  • PDF

Article summary

Configuration and Installation

Epic Configuration

These steps need to be completed regardless as to whether Epic will be running on a Citrix server or installed locally:

  1. Authentication Device (EpicAuth) Configuration
  2. Interconnect OAuth2 Configuration
  3. Turn off Pause Form

Plugin Installation and Configuration

These steps will depend on your desired implementation

Authentication Device (EpicAuth) Configuration

To create and configure Identity Automation's authentication devices in Hyperdrive, please have your Epic TS follow the directions in the 3rd Party Authentication Setup section in the Authentication Setup and Support Guide. This guide is maintained and supported by Epic and has directions on setting up a 3rd-party authentication device E0G records and configuring it in Authentication Administration to allow Hyperdrive to use an authentication device.

While using the Guide, use the following Identity Automation ProgIDs:

  1. Use IA.Hyperdrive.ProxCard if setting up a primary authentication device.
    1. IMPORTANT: Epic's Default Login (0) device should be added to the Primary Device setting after the IA.Hyperdrive.ProxCard device.
  2. Use IA.Hyperdrive.ProxCardPassive for setting up a passive authentication device.
    1. IA.Hyperdrive.ProxCardPassive is only supported in the Integrated Narrator workflow.  If using Standalone, then IA.Hyperdrive.ProxCard will be used.
      1. Use Epic's documentation for the context in which this should be configured.
    2. This device requires that the IA.Hyperdrive.ProxCard device has been configured for primary authentication.
    3. You only need to configure the passive/secondary auth E0G record if your organization is currently using our integration for these workflows.

Interconnect OAuth2 Configuration

There are two different ways you can configure Interconnect OAuth2 back-end service:

  1. OPTION 1- you can set a default user to associate with all external applications.
  2. OPTION 2- you can use a different user for each external client (such as Identity Automation Auth Plugin).
For Additional Guidance

Contact your Epic TS for detailed instructions and more information about adding and configuring

Here is a sample of how you might configure Interconnect and OAuth2:

  1. You create a new background user (no specific security points or classes are needed).
  2. Associate the new background user with the Interconnect OAuth2 back-end service.
    1. OPTION 1- If you would like to use the default user for all external clients, then within the Interconnect Administrator's menu, select OAuth2 Management, then Edit System Settings and set the default user.
    2. OPTION 2- If you would like to use a specific user for the** Identity Automation Auth Plug-in** then you'll need to create an entry for our external app and enter that specific user there. Please work with your Epic TS to determine these values.
      2. Enter HealthCast Epic Authentication in the "External Client" column.
      3. Specify the User (EMP) record in the "Associated User" column.

Turn off the Pause Form

The Pause Form must be turned off to allow users to tap in. Use the following command to run in the Epic Operational Database to complete this task:

d ^%ZeUSTBL > Security > Login Settings > Client Login Settings > 
Always show pause form on secure? No

Plugin Installation

Follow these steps to install the Identity Automation Auth Plugin on a computer (either a Citrix server or a local workstation):

  1. Run Identity Automation ProxCard Epic Login Device.msi (available from Healthcast Product Downloads page.
  2. Import the .PFX file which was generated in Getting Started - Create Keys section to the Local Machine certificate store (for test systems, use the non-prod .PFX file; for production systems use the prod .PFX file)
    1. Import the .PFX file into the Local Machine\Personal\Certificates store.
      1. While importing, ensure the private key is NOT marked as exportable in the import options.
  3. Run the IA.EpicAuth.RegisterClient.exe tool located in the installation folder as a local administrator.  This will load the Client Registration tool

image.png

1.  The tool will prompt you for:
1.  Org ID
1.  Org ID can be determined based on the Epic config file name found in the Hyperdrive Config folder (default C:\Program Files (x86)\Epic\Hyperdrive\Config).
1.  If the file name is 100Config.json, for instance, then your Org ID is 100
2. Environment:
1. Environment also comes from the configuration .json file (e.g. 100Config.json) for your organization.
2. In the example below (from a configuration .json file), the Environment name is "Testing"
"Environments": { "Testing": { "DisplayName": "Current Testing", "HSWebServerURL": "https://fhir.epic.com/HSWeb_uscdi" }

3. Click the Register Client button.
1. This will start Hyperdrive/Hyperspace, which will be used to complete the registration process.
1. Hyperspace will run for approximately 30 seconds.
2. If successful, a message will appear that shows Registration Succeeded.
3. Close the message box.
4. Close the RegisterClient tool.
5. Close Hyperspace.
6. Click through any additional prompts to complete the installation.

Plugin Configuration

Hyperspace Configuration

  1. Update the HyperspacePathExeName setting in the registry to reflect the Hyperspace directory path
  2. Update the HyperspaceParams setting in the registry to reflect any parameters that need to be included (such as the environment) when launching Hyperspace
HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\eXactACCESS\TFA Settings\HyperspaceConfiguration1
HyperspaceParams
HyperspacePathExeName
WarpDriveConnector

AutoLaunch

To enable automatic launching of Hyperspace when a user logs in, update (or create) these settings in the registry:

[HKLM\Software\HealthCast\eXactACCESS\TFA Settings]
HyperspaceWindowTitle=Hyperspace
HyperspaceWindowClass=Chrome_
Hyperspace Window Title

The default for this setting is "Hyperspace", but it could be different in your environment. Please ensure the correct HyperspaceWindowTitle is set here.

Slingshot Configuration

SAML Configuration

Community Connect Configuration

  1. Storefront is the only configuration supported with Community Connect
  2. The local endpoints need to have a Community Connect user defined
  3. HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\hciepicsessionmgr
    1.

Narrator Workflow


Was this article helpful?