Workplace for Epic
Workplace for Epic
Breadcrumbs

Where to Start

This article walks you through the three core setup tasks to get your Workplace for Epic site up and running.

Task #1. Configure Single Sign-On (SAML)

Goal: Let users sign in to your Epic training site using their hospital’s credentials from your Active Directory or other Identity Provider (IdP).

Prerequisites

  • SSO does not create users. While you can set it up at anytime, you will need to add the user accounts in the learning environment in order for the users to log in.

  • Each user account must have their authentication method set to “saml2” in order to be connected to your IdP.

    • If you are not using SSO for a user, you may set their authentication method to “manual”. In that case, the learning environment manages the user’s password (reset/change happens in the learning environment itself, not at the IdP).

Steps

  1. The metadata URL is public and returns XML. You can view / download the metadata file and import it in your IdP to create a new SAML application.

    1. The metadata file is available at on your site at /epic/auth/saml2/sp/metadata.php?download=1

NOTE: You must create a new SAML application in your IdP for Epic. Do not modify or reuse the primary site’s SAML application. The Epic learning environment uses different endpoints under /epic.

  1. Map identifiers/claims (e.g., NameID = email or UPN, plus any basic identity attributes you require).

  2. Assign users/groups who should access the Epic training site.

  3. Test SP-initiated login starting from your Workplace for Epic site

Verification

  • User can access the login page on the Epic learning environment, click on the SSO login button, authenticate at the IdP, and return to the Epic dashboard.

  • If a user can’t log in but should, verify their LMS account exists and is that their authentication is set to saml2 (or manual if SSO is not intended).

Task #2. Configure HRIS integration (SFTP/CSV)

Goal: Keep user accounts current, ensure authentication is set to saml2 for SSO users, and represent your organizational hierarchy so team leaders can manage and schedule their staff in Epic training.

Prerequisites

  • A CSV file that can be fed to the SFTP server.

  • Fields that you want to track must be created in the learning environment

    • The exact fields depend on what your organization chooses to track (e.g., identifiers and the hierarchy/grouping attributes you’ll use for mapping users to programs and reporting). If you are working with a Dual Code Implementation Specialist, they will help create these fields on your behalf. Otherwise, your administrator will need to create these fields him/herself.

  • A clear field mapping from your CSV file and the fields in the learning environment.

Steps

  1. Define your CSV layout & cadence (e.g., nightly SFTP).

  2. Map the HRIS columns in your CSV file to the fields in the learning environment

    1. This includes setting auth = saml2 for SSO users. For users who won’t use SSO, set auth = manual.

  3. Use the custom “supervisor” user profile field (profile_field_supervisor) to map employees to their managers / team leaders. If the custom field does not yet exist, you must create it. Otherwise, team leaders will never see their staff under the “My Team” menu.

  4. Verify the results, first with a small set of users, and then with the entire set of users.

Verification

  • New users appear with correct data.

  • Updates users appear with the modified data.

  • Users with auth = saml2 can correctly login using their hospital credentials.

  • Team leaders correctly see their staff under My Team.

Task #3. Add administrators

Goal: Give the right people control in the Epic environment without over-privileging.

Prerequisites

  • A list of users to assign to the Epic Administrator role.

    • Note: Role capabilities in Epic differ from the primary site; don’t assume parity.

Steps

  1. Ensure prospective administrators already exist in the learning environment.

  2. Assign the appropriate Epic administrative role at the proper context in the Epic site.

Verification

  • Admins can perform expected Epic tasks; non-admins cannot.

What’s Next

Have all Epic administrators complete and earn certification in our self-paced HCE courses (HCE-201 and HCE-205) from the HCE Training Centre (linked in the footer of the Epic site). These courses provide a solid understanding of how our platform works; however, please note that Workplace for Epic has its own nuances, and some behaviours and options differ from the primary site.