Your suggested change has been received. Thank you.

Suggest A Change

Thank you! Your suggestion has been submitted.

https://thales.na.market.dpondemand.io/docs/dpod/services/kmo….

There are some errors in your form.

Your Name This field is required

Your Email This field is required

How can we improve this content? This field is required

STA documentation
- Explore Thales Docs

SafeNet Agent for Epic
SafeNet Trusted Access
SafeNet Agents
SafeNet MobilePASS+
API references
Account management
Release notes

All

All

SafeNet Agent for Epic

Introduction

Please Note:

SafeNet Agents
SafeNet Agent for Epic
- Introduction
- Pre-installation
- Installation
- Configuration
- Group Policy Configuration
- Testing the Solution
- Upgrading the Agent
- Uninstalling the Agent
- Troubleshooting
SafeNet Synchronization Agent
- Install SafeNet Synchronization Agent
- LDAP synchronization server
- SafeNet Synchronization Agent for LDAP
- Configure for SQL
- Synchronization groups
- AD password synchronization
- Grant synchronization permission
- Transaction and synchronization details
- View the LDAP schema
- Aliases 3 and 4
- Configuration options
- Event notifications
- Browse the user source
- Start and stop SafeNet Synchronization Agent
- Backup or restore configurations
- SafeNet Synchronization Agent log files
- Synchronize users from Microsoft Entra ID
- SafeNet Synchronization Agent - Frequently Asked Questions
- SafeNet Synchronization Agent Release Notes
SafeNet Logging Agent
- Log event types
- SafeNet Logging Agent Release Notes
SafeNet Agent for FreeRADIUS
- Setting up FreeRADIUS API for SAS PCE/SPE
- Download BSID and JWT Keys
- Install FreeRADIUS
- Upgrade FreeRADIUS
- Startup Script
- Manual Client Updater
- Troubleshoot SafeNet Agent for FreeRADIUS
- About Protected Extensible Authentication Protocol
SafeNet Agent for Microsoft IIS
- System requirements
- Pre-installation
- Installation
- Management
- Enabling the agent
- Configuring the INI file
- Testing the solution
SafeNet Agent for NPS
- Compatibility and Components
- NPS for RADIUS Clients
- SafeNet agent for NPS
- Install SafeNet Agent for NPS
- Uninstall SafeNet Agent for NPS
- Upgrade SafeNet Agent for NPS
- RADIUS return attributes
- Proxy server
- NPS settings
- NPS communication settings
- Authentication test
- NPS logging
- NPS localization
- PUSH notifications and NPS
- SafeNet Agent for NPS
SafeNet Agent for Windows Logon
- Installation and Configuration Overview
- System Requirements
- Windows Logon Agent - Authentication Methods
- Pre-installation
- Installing the agent
- Upgrading the agent
- Uninstalling the agent
- Deploying the agent via Group Policy Object
- Deploying the agent via Intune
- Deploying the agent via Microsoft Endpoint Configuration Manager
- Registry Settings
- Management
- Troubleshooting and Advanced Configurations
- Running the Solution
- Passwordless Windows Logon
- Passwordless Setup
- Customizing SafeNet Desktop Logon Application
- Annexure
SafeNet Agent for macOS Logon
- Pre-installation
- Installing, Configuring, Upgrading, and Uninstalling the agent
- Management
- Testing the Solution
SafeNet App Gateway
- System Requirements
- Security Recommendations
- Single Sign-On (SSO) Support for SafeNet App Gateway
- Pre-installation
- Generic Template for SafeNet App Gateway
- Oracle PeopleSoft
- Jenkins Application Configuration in SafeNet Trusted Access
- Deployment options
- Installing the Agent
- Configuring the Agent
- Upgrading and Uninstalling the Agent
- Plugin Model
- Troubleshooting
- Testing the Solution
SafeNet Agent for Microsoft Outlook Web App
- Installation and configuration
- Authentication mode
- SafeNet Agent for Microsoft Outlook Web App Manager
- Updating REDIRECT URL
- Testing the solution
SafeNet Agent for Password Self-Service
- Security Considerations
- Installation and Configuration
  - Application
  - Agent
  - Policy
- Solution Testing
- Troubleshooting

STA documentation
SafeNet Agents
SafeNet Agent for Epic
Introduction

Introduction

Epic Systems is one of the largest providers of health information technology, used primarily by large U.S. hospitals and health systems to access, organize, store and share electronic medical records. It enables medical organizations and individuals to perform actions such as medication scheduling, ordering, dispensing and e-prescription downloading. Hyperspace is legacy client application and they are now moving to a Chromium web-based framework, Hyperdrive.

The SafeNet Agent for Epic is a client-side agent that supports Direct authentication against a user ID. The agent is a best-in-class authentication solution, providing maximum security and performance, certified to the highest security standards. It enables to:

Apply access management features to manage and control user accesses.
Take advantage of the industry-leading SafeNet solution to provide secure Two-Factor Authentication (2FA).

This release follows a template-based setup and is a scalable, customizable and a more productive agent solution. Critical application management and policy tasks, now handled at the service level, ensures that the agent's manager console is reduced, resulting in better productivity and faster processing.

Supported Use Case

The SafeNet Agent for Epic enables seamless integration with Hyperspace, Epic's legacy client application and Hyperdrive, a Chromium web-based framework. Deploying the SafeNet agent in Epic's environment provides a capability to verify identities and sign records before accessing health records and performing related actions.

The supported use case is presently limited to the application of 2FA while signing the controlled substances patient records. The agent's functionality, though can be extended, to support Epic's other use cases with future releases.

Agent Authentication Methods

Authentication methods allows to combat online fraud activities (such as phishing) and help maintain password integrity by making it more difficult for customers to lose or share passwords.

The SafeNet Agent for Epic supports the Direct method, meaning an ID is needed to authenticate users. The device determines whether the object being authenticated corresponds to the provided ID, or not.

User Flow

The following steps broadly depict the flow of actions for the agent solution:

A user logs in to the Epic using username and password.
If the user proceeds to sign the controlled substances patient records, the SafeNet solution is called (through the agent) for elevated access check.
The configured authentication for the second factor is displayed.
Once authenticated, the user is allowed to sign and download the records.

Prerequisites

Ensure that the Epic Hyperspace or Hyperdrive application is already installed on the system where the agent is proposed for the installation.
Ensure that the user has administrative rights for installing and configuring the SafeNet Agent for Epic.
To successfully configure and implement the SafeNet Agent for Epic, the administrator must be familiar with SafeNet Authentication Service (SAS) Cloud or SAS Service Provider's Edition (SAS SPE) or SAS Private Cloud Edition (SAS PCE) and the SafeNet Trusted Access (STA).

Create an account in SAS Cloud or SAS PCE 3.9.1 (and above). For more information, refer to Support Contacts.

Security Recommendations

If you are using the Transport Layer Security (TLS) to secure requests between Token Validator Proxy (TVP) [recommended: TVP v2.0] and the SafeNet Agent for Epic, follow the steps to enable the TLS:

To enable TLS on TVP server in the Internet Information Services (IIS) Manager, you need to create a Hypertext Transfer Protocol Secure (HTTPS) binding for the Default website, by following the steps:

a. Click Start > Control Panel > Administrative Tools > Internet Information Services (IIS) Manager.

b. In the left pane of the IIS window, right-click the Default Web Site and click Edit Bindings.

c. Create an HTTPS binding by using either a self-signed or a Certificate Authority (CA) certificate.

Note

The certificate name should match the Uniform Resource Locator (URL) address of the token validator site.
Navigate to the following Registry Editor path: HKLM\Software\CryptoCard\Token Validator

Change URL of the token validator to include HTTPS.
On the Client side, import the root CA certificate in the trusted root CA store.

Environment

Interoperability

Supported operating systems:

Windows 11
Windows Server 2016 (64-bit)
Windows Server 2019 (64-bit)
Windows Server 2022 (64-bit)
Windows Server 2025 (64-bit)

Software Component

Microsoft .NET Framework 4.6

Configuration Component

SafeNet Epic Management Console utility

Supported Web Browsers

Internet Explorer 11
Microsoft Edge
Mozilla Firefox
Google Chrome

Supported Tokens

All tokens supported by SafeNet Trusted Access

On this page

SafeNet Trusted Access

© Copyright 2019-2026, Thales Group

supportportal.thalesgroup.com Support contacts

Support
- Customer Release Notes
- Customer Support Portal
Legal

© Copyright 2019-2026, Thales Group

supportportal.thalesgroup.com