This document describes the integration between eADM TietoEvry Gerica, an Electronic Patient Record (EPR) system for the healthcare sector. The integration automates user account management in Gerica based on data from your organization's Human Resources (HR) system.
Note: Identum does not provide support for Gerica; this is a product provided by TietoEvry. Identum only provides an integration between eADM Gerica.
For questions regarding the use and operation of the Gerica software itself, please contact support.gerica@tietoevry.com.
Overview
The integration uses the Lifecare Open API (version 2.0), which is limited to managing employee information and does not access patient data. The integration automatically creates and maintains user accounts in Gerica. When an employee leaves the organization or changes roles, their Gerica user account is automatically deactivated.
Note: User accounts are only deactivated; they are never permanently deleted.
Limitations
-
Access Rights Management: This integration cannot manage user rights or access levels within Gerica. This is a security-related limitation of the Gerica API.
-
Recommended Workflow: To manage access rights, we recommend configuring eADM send automatic email notifications to a designated administrator when a user is created or deactivated. This allows for the manual assignment and removal of permissions in Gerica.
Pre-configuration
Before Identum can configure the integration, you must complete the following steps in collaboration with TietoEvry.
-
Order and Install the API: You must order the Lifecare Open API from your TietoEvry Care contact. The API must be installed and configured within your infrastructure.
-
Provide API Credentials: Identum requires access to the "EmployeeV2" API. A client must be configured, and you need to provide us with the following information:
-
URL for the API
-
Customer ID
-
Customer Secret
-
-
Expose the API: The API must be accessible from the internet using a valid hostname, not just an IP address. The server's SSL certificate must be valid and match this hostname.
-
Verify Existing User Data: The integration links users in eADM users in Gerica based on their national identity number (11 digits, no spaces).
Warning: To prevent the creation of duplicate accounts, you must review all existing user accounts in Gerica and ensure that the correct national identity number is registered for each user.
Configuration
Once we receive the API credentials, we will test the connection. We will then schedule a workshop to finalize the configuration details.
Workshop Agenda:
-
Define the rules for which users are automatically provisioned in Gerica.
-
Specify which users can be manually granted access to Gerica and by whom.
-
Define the user data attributes to be exported from eADM Gerica.
-
Define the conditions under which a user's account in Gerica should be deactivated.
Once these points have been clarified, the integration can be activated.
Firewall Configuration
The Lifecare API is typically published on your organization's internal network (secure zone). Your firewall must be configured to allow inbound traffic from our IP address to the API's DNS address.
-
Source IP Address:
51.120.80.51 -
Destination Port:
443 -
Protocol:
TCP
Example Data Mapping
The following table shows an example of how user attributes from eADM be mapped to target fields in Gerica.
|
Source Attribute (eADM) |
Target Attribute (Gerica) |
|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|