Your suggested change has been received. Thank you.

Suggest A Change

Thank you! Your suggestion has been submitted.

https://thales.na.market.dpondemand.io/docs/dpod/services/kmo….

There are some errors in your form.

Your Name This field is required

Your Email This field is required

How can we improve this content? This field is required

SAS PCE documentation
- Explore Thales Docs

SAS PCE
Agents
MobilePASS+
SafeNet Access Exchange
BSIDCA API
- BSIDCA endpoints
- BSIDCA custom attributes
Integrations
Account management
Release Notes

All

All

SafeNet Agent for Epic

Introduction

Please Note:

Agents
SafeNet Agent for Epic
- Introduction
- Installing the SafeNet Agent for Epic
- Configuring the SafeNet Agent for Epic
- Configuring settings via Group Policy Object Editor
- Upgrading the SafeNet Agent for Epic
- Troubleshooting
Synchronization Agent
SafeNet Agent for Windows Logon
- Installing, configuring, upgrading, and uninstalling the agent
- Deploying the agent via Group Policy Object
- Deploying the agent via Microsoft Intune
- Deploying the agent via Microsoft Endpoint Configuration Manager
- Troubleshooting and advanced configurations
- Running the solution
SafeNet Remote Logging Agent
SafeNet Agent for FreeRADIUS
SafeNet Agent for NPS
- Compatibility and Components
- Configuring NPS for RADIUS Clients
- NPS for Remote RADIUS Server Groups
- Configuring NPS to use SafeNet Agent
- Configuring CRP to use Local Authentication
- Install SafeNet Agent for NPS
- Upgrade SafeNet Agent for NPS
- Uninstall SafeNet Agent for NPS
- RADIUS return attributes
- Proxy server
- NPS settings
- NPS communication settings
- Configuring Exceptions for Migration Mode
- Authentication test
- NPS logging
- NPS localization
- PUSH notifications and NPS
SafeNet Agent for Keycloak
- Install SafeNet Agent for Keycloak
- Realm Configuration
- User Federation Setup
- Customization
- Integrations using Keycloak
- Logging in SafeNet Agent for Keycloak
- Test the End User Login Flow
- Troubleshooting
SafeNet Java Authentication SDK
- Installing and Upgrading SafeNet Java Authentication SDK
- API Java Class
- Configuring SafeNet Java Authentication SDK
- Running the Sample
- Use Case Scenarios
- Agent Key File and Additional Deployment
- Troubleshooting
SafeNet Agent for Pluggable Authentication Module
- Installing, Upgrading, and Uninstalling the Agent
- Configuring the Agent
- Applying Multi-Factor Authentication
- Group Filtering
- Running the Agent
SafeNet Agent for macOS Logon Classic
- Installing, Upgrading and Uninstalling the Agent
- Configuring the Agent
- Testing the Agent
SafeNet Agent for Microsoft IIS
- Installing SafeNet Agent for Microsoft IIS
- Configuring SafeNet Agent for Microsoft IIS
- Configuring Initialization File for Specific Request Headers (Optional)
- Upgrading SafeNet Agent for Microsoft IIS
- Testing SafeNet Agent for Microsoft IIS
- Troubleshooting SafeNet Agent for Microsoft IIS
SafeNet Agent for Microsoft Outlook Web App
- Authentication modes
- Installing SafeNet Agent for Microsoft OWA
- Integrating Microsoft OWA with SafeNet Access Exchange
- Configure Authentication types
- Upgrade SafeNet Agent for Microsoft Outlook Web App
- Configure SafeNet Agent for Microsoft Outlook Web App
SafeNet Agent for ADFS
- Installing SafeNet Agent for ADFS
- Configuring SafeNet Agent for ADFS
- Configure authenticator support
- Running the AD FS solution
SafeNet Agent for Password Self-Service
- Security Considerations
- Installation and Configuration
  - Agent
  - Configure Password Self Service (PSS) Agent with SafeNet Access Exchange
- Solution Testing
- Troubleshooting
SafeNet Agent for TokenValidator Proxy
- Install or upgrade SafeNet Agent for TVP
- Configure SafeNet Agent for TVP
More Agents

SAS PCE documentation
Agents
SafeNet Agent for Epic
Introduction

Introduction

Epic Systems is one of the largest providers of health information technology, used primarily by large U.S. hospitals and health systems to access, organize, store and share electronic medical records. It enables medical organizations (and individuals) to perform actions such as medication scheduling, ordering, dispensing and e-prescription downloading. Hyperspace is legacy client application and they are now moving to a Chromium web-based framework, Hyperdrive.

The SafeNet Agent for Epic is a client-side agent that supports Direct authentication against a user ID. The agent is a best-in-class authentication solution, providing maximum security and performance, certified to the highest security standards.

User flow

The following steps broadly depict the flow of actions for the agent solution:

Agent Flow

A user logs into the Epic using username and password.
If the user proceeds to sign the controlled substances patient records, the SafeNet solution is called (through the agent) for elevated access check.
The configured authentication for the second factor is displayed.
Once authenticated, the user is allowed to sign and download the records.

Agent authentication methods

Authentication methods allows to combat online fraud activities (such as phishing) and help maintain password integrity by making it more difficult for customers to lose or share passwords.

The SafeNet Agent for Epic supports the Direct method, meaning an ID is needed to authenticate users. The device determines whether the object being authenticated corresponds to the provided ID, or not.

Prerequisites

Ensure that the following prerequisites are met:

Ensure that the Epic Hyperspace/Hyperdrive application is already installed on the system where the agent is proposed for the installation.
Ensure that the user has administrative rights for installing and configuring the SafeNet Agent for Epic.
To successfully configure and implement the SafeNet Agent for Epic solution, the administrator must be familiar with SafeNet Authentication Service (SAS) Cloud or SAS Service Providers Edition (SAS SPE)/ SAS Private Cloud Edition (SAS PCE). Create an account in SAS Cloud or SAS PCE 3.9.1 (and above).

Security recommendations

If you are using the Transport Layer Security (TLS) channel to secure requests between Token Validator Proxy (TVP) [recommended: TVP v2.0] and the SafeNet Agent for Epic, follow the steps to enable the TLS:

To enable TLS on TVP server in the Internet Information Services (IIS) Manager, you need to create a Hypertext Transfer Protocol Secure (HTTPS) binding for the Default web site, by following the steps:

a. Click Start > Control Panel > Administrative Tools > Internet Information Services (IIS) Manager.

b. In the left pane of the IIS window, right-click the Default Web Site and click Edit Bindings.

c. Create an HTTPS binding by using either a self-signed or a Certificate Authority (CA) certificate.

Note

The certificate name should match the Uniform Resource Locator (URL) address of the token validator site.
Navigate to the following Registry Editor path: HKLM\Software\CryptoCard\TokenValidator

Change URL of the token validator to include HTTPS.
On the Client side, import the root CA certificate into the trusted root CA store.
On the Epic Management Console, select Communication > Use SSL checkbox [next to Primary Server URL (or Failover Server URL) field] to ensure that the HTTPS is used as the protocol to establish the connection.

System requirements

Interoperability

Supported operating systems:

Windows 11
Windows Server 2016 (64-bit)
Windows Server 2019 (64-bit)
Windows Server 2022 (64-bit)
Windows Server 2025 (64-bit)

Software component

Microsoft .NET Framework 4.6

Configuration component

SafeNet Epic Management Console utility

Supported tokens

All authentication tokens currently supported by SafeNet Authentication Service except Push OTP.

On this page

SafeNet Authentication Service Private Cloud Edition

© Copyright 2019-2026, Thales Group

supportportal.thalesgroup.com Support contacts

Support
- Customer Release Notes
- Customer Support Portal
Legal

© Copyright 2019-2026, Thales Group

supportportal.thalesgroup.com >Support contacts