NOTE: Refer to Introduction to Configuring Authentication Methods before proceeding.
NOTE: Implementing new users has licensing implications; contact us to ensure you have valid licensing.
Epic OAuth authentication uses the ViewUser API to provide additional information, because the Epic manifest URL provides only limited user profile information. The ViewUser API is used to update user data if:
- The user logs into the Server using the Epic OAuth authentication method for the first time.
- The user's account has not been modified in the last calendar day, based on the user's time zone.
NOTE: If the user has not set a time zone, then Universal Time Coordinated (UTC) is used.
Properties that have a mapping are the only properties updated. Current values are overwritten if a property has a mapping enabled and the value in the ViewUser API is blank.
The custom help control in Epic can direct users to a context-sensitive help search or a specific location in the Learning Library. The Epic OAuth authentication token provides the claim information, parameter name and value, to direct the user appropriately. The In-Application Help Context Parameter is used to direct users to a context-sensitive search. The Content, Folder, and Project launch parameters are used to direct users to specific content, a specific folder within a project or a specific project, respectively. Only the most specific launch parameter value available will be used (content, folder or project). If no launch parameter values are available, the user will be directed to the Learning Library home page.
Perform the steps below to add an authentication method for Epic OAuth in the Server.
- Click the Administration cog on the navigation bar of the Management Center.
- Select in the left navigation menu.
- Choose from the following options:
NOTE:
To expand or collapse each authentication method information section, click the arrow beside the authentication method name. This setting will be saved.
If you want to add an authentication method, then:
- Click the drop-down arrow to the right of the Add Method action button.
- Select .
- Go to the next step.
If you want to edit an authentication method, then:
- Click EDIT beside the authentication method you want to edit.
- Go to the next step.
If you want to enable/disable an authentication method, then:
- Click the ON/OFF toggle beside the authentication method you want to turn on or off.
NOTE: You can have multiple authentications turned on, but you must have at least one turned on.
- Complete/edit the following fields:
Field: Description
Authentication Type: This field displays the authentication type Epic OAuth and cannot be modified.
Method Name: Enter a unique name to identify the authentication configuration.
Environment Type: Select which type of Epic environment, Production or Non-Production, the authentication method supports.
Manifest Discovery URL:
- Enter the discovery URL from which to get the manifest.
- Click GET MANIFEST.
NOTE: A green checkmark indicates a valid manifest.
- Click VIEW MANIFEST.
- Review the manifest.
NOTE: The manifest cannot be modified.
- Click Close.
Introspect URL: Enter the Introspect URL, which is used to return information about an access token.
In-application Help context parameter: Enter the parameter name of the context-sensitive help identifier. The default value is epicoauthcsh.
NOTE: This parameter will be used if the request has context-sensitive routing.
Content launch parameter: Enter the parameter name of the identifier to direct users to a specific content item. The default value is contentidentifier.
NOTE: If the request does not have context-sensitive routing, the most specific launch parameter will be used.
Folder launch parameter: Enter the parameter name of the identifier to direct users to a specific folder location. The default value is folderidentifier.
NOTE: If the request does not have context-sensitive routing, the most specific launch parameter will be used.
Project launch parameter: Enter the parameter name of the identifier to direct users to a specific project location. The default value is projectidentifier.
NOTE: If the request does not have context-sensitive routing, the most specific launch parameter will be used.
PROFILE MAPPING section: This section lists all of the user attributes available within a user account on the Server. You can map each user profile field to your IDP by entering a Claim for it. You can enter a default value for any claim that is not unique to a user by putting quotes around the value.
NOTE: User edits to a Claim supplied by an IDP will be overwritten by the IDP value.
Refer to Creating And Managing User Accounts for more information on each user profile field.
- Click Save.
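The ViewUser refresh rule and the PROFILE MAPPING overwrite behaviour described above can be modelled to see which stored values a sync would change or blank out. This is an added example, not the product's code: the function names, field names, claim names and sample data are hypothetical. It assumes "not modified in the last calendar day" means the last change falls on an earlier calendar date than the current one in the user's time zone.

```python
from datetime import datetime, timedelta, timezone

def needs_refresh(last_modified, now, user_tz=None):
    """First login (no last_modified), or last change on an earlier calendar
    date than `now` in the user's time zone (assumed reading of the rule)."""
    if last_modified is None:
        return True
    tz = user_tz or timezone.utc  # the page: UTC when no time zone is set
    return last_modified.astimezone(tz).date() < now.astimezone(tz).date()

def apply_mapping(profile, mapping, claims):
    """Apply mapped values; return (new_profile, changed, blanked)."""
    updated, changed, blanked = dict(profile), [], []
    for field, entry in mapping.items():
        entry = entry.strip()
        if not entry:
            continue  # unmapped property: never touched
        if len(entry) >= 2 and entry[0] == entry[-1] == '"':
            value = entry[1:-1]  # quoted entry is a fixed default value
        else:
            value = claims.get(entry) or ""  # absent or blank claim
        if updated.get(field, "") != value:
            changed.append(field)
            if value == "":
                blanked.append(field)  # existing data wiped by a blank value
        updated[field] = value
    return updated, changed, blanked

# Constructed sample data (hypothetical field and claim names).
PROFILE = {"first_name": "Dana", "department": "Cardiology",
           "phone": "555-0100", "title": "RN"}
MAPPING = {"first_name": "FirstName", "department": '"Clinical"',
           "phone": "Phone", "title": ""}
CLAIMS = {"FirstName": "Dana", "Phone": ""}

if __name__ == "__main__":
    utc_minus_6 = timezone(timedelta(hours=-6))
    now = datetime(2024, 3, 2, 3, 0, tzinfo=timezone.utc)
    last = datetime(2024, 3, 1, 8, 0, tzinfo=timezone.utc)
    print(needs_refresh(last, now, utc_minus_6), needs_refresh(last, now))
    print(apply_mapping(PROFILE, MAPPING, CLAIMS))
```

Running a mapping through a check like this before saving shows which mapped fields would lose locally entered values when the source returns a blank.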