
User gets removed from All Epic Users OnBase group

Michelle_Troxel
Elite Collaborator

We have AD integration for all our OnBase security groups except the All Epic Users. They "automagically" get added to the All Epic User group when the user is in Epic and launches FOS or the Epic Viewer. I have one user who keeps getting removed from the All Epic User group. Well, one that I know of. I have manually added her to the group in OnBase config 2 days in a row now. I checked this morning and the group is not listed for her in OnBase again. The behavior we see is when she clicks on a document or tries to scan, it just hangs then gives an error message saying 'Please wait for the local session manager.' She does have another OnBase security group assigned that is specifically for scanning in Unity. She can sign into Unity and has the proper rights for that other security group.

 

Any ideas what is going on? She isn't inactive. She's been with us for about 1.5 years now and just recently had this issue.

 

We are version 18 and not using the IDP set up yet.

 

thanks

Michelle

 

9 REPLIES 9

Ryan_Wakefield
World-Class Innovator

Could she possibly be hitting a specific server that is causing the issues? I don't know how many application servers you have running so I am not sure if this might be in scope of the issue or not.

@Ryan Wakefield we have 2 app servers, supposedly set up exactly the same. What is your thought process that it could be tied to that? Trying to follow.

I just tested in test by signing in as that user in Epic. It added the group to the account. I wish we had that option in OnBase - to override the user and sign in as them for troubleshooting. I wonder if there is something about when she signs into OnBase, then it removes any non-AD linked groups. But if that were true, I would have many more complaints.

Frank_Duca2
Champ in-the-making

With AD integration, during login all the AD groups a user belongs to are sent to OnBase.  If this list is empty, OnBase processes that as "user is in no groups" and then removes the user from all OnBase user groups so that OB security and AD are in sync.  Typically, the sending authority is not configured to send any groups upon Login and some changes on the AD/Directory side are necessary.

When an OnBase group is NOT specifically mapped to an AD group (when using the AD Integration security) then there are two sets of behaviors based on the "Managed manually" option:

1. If Managed manually is set, then Admins (or services) can add a user to the group, and if the user logs in through a client (Unity, Web, etc.) then the user IS NOT removed from the group.

2. If Managed manually is not set, then Admins (or services) can add a user to the group, but if the user logs in through a Client (Unity, Web, etc.) then the user IS removed from the group.

 

I think the recommendation for ALL EPIC USERS and ALL EPIC PHYSICIANS is to list them as Managed manually.

 

When using SMART on FHIR for the Epic Integration, then the ALL EPIC USERS group should also be listed as the default group in the FHIR/IdP settings.

 

@Michelle Troxell: If you run Diagnostics Console and monitor while that one user logs in to FOS/Epic you should see her being added to ALL EPIC USERS (if she isn't there already). Then if you have her log in to Unity/Web/etc. you will probably see her removed from ALL EPIC USERS. This is expected if ALL EPIC USERS is not "Managed manually".

 

My expectation is that she connects to Epic/FOS, but then logs in to the Unity Client (removing her from ALL EPIC USERS), so then she cannot view/scan in Epic.
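
The login behaviour described in the reply above, modelled as an added example (it is not OnBase code and not part of the original thread). The `Group` class, the function names, the "Unity Scanning" group and the "AD-Unity-Scanners" AD group are hypothetical; only "ALL EPIC USERS" and the "Managed manually" option come from the thread, and the handling of a manually managed group when AD sends an empty list is an assumption.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Group:
    name: str
    ad_group: Optional[str] = None    # mapped AD group; None = not mapped
    managed_manually: bool = False    # the "Managed manually" option

def reconcile_on_login(current, groups, ad_groups_sent):
    """Model a client login (Unity, Web, etc.): return (kept, removed)."""
    sent = set(ad_groups_sent)
    kept = set()
    for g in groups:
        if g.ad_group is not None:
            # Mapped group: membership follows what AD sent at login.
            if g.ad_group in sent:
                kept.add(g.name)
        elif g.managed_manually and g.name in current:
            # Unmapped + "Managed manually": admin/service adds survive.
            # Assumption: this also holds when AD sends an empty list.
            kept.add(g.name)
        # Unmapped and not managed manually: stripped on client login.
    return kept, set(current) - kept

def at_risk_groups(groups):
    """Groups whose admin- or service-added members are lost at next client login."""
    return sorted(g.name for g in groups
                  if g.ad_group is None and not g.managed_manually)

def simulate(managed_manually, ad_groups_sent=("AD-Unity-Scanners",)):
    # Constructed sample config: only "ALL EPIC USERS" is a name from the thread.
    groups = [
        Group("Unity Scanning", ad_group="AD-Unity-Scanners"),
        Group("ALL EPIC USERS", managed_manually=managed_manually),
    ]
    # Step 1: Epic/FOS launch; the integration adds her to ALL EPIC USERS.
    membership = {"Unity Scanning", "ALL EPIC USERS"}
    # Step 2: she logs in to the Unity Client, which triggers the AD sync.
    kept, removed = reconcile_on_login(membership, groups, ad_groups_sent)
    return kept, removed, at_risk_groups(groups)

if __name__ == "__main__":
    for flag in (False, True):
        kept, removed, risky = simulate(flag)
        print(f"managed_manually={flag}: kept={sorted(kept)} "
              f"removed={sorted(removed)} at_risk={risky}")
```

`at_risk_groups` is the check to run against a real group inventory: any group it returns will lose service-added members the next time they log in through a client.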