
Epic identity continuity: what happens when the IdP goes down?


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 2364
Topic starter  

TL;DR: During identity provider outages, Maverics keeps Epic users, SMART on FHIR launches, and backend service tokens working by fronting OAuth and OIDC flows, normalizing claims, and failing over to a healthy connector in seconds, according to Strata Identity. The governance issue is not just resilience but preserving clinical uptime without turning Epic into a reconfiguration project.

NHIMG editorial — based on content published by Strata Identity: identity continuity for Epic when the IdP goes down

Questions worth separating out

Q: How should security teams design Epic identity continuity when the primary IdP fails?

A: Use an orchestration layer that fronts Epic's authentication endpoints, keeps Epic registration stable, and routes new logins to a healthy secondary provider when the primary is unavailable.

Q: Why do healthcare identity failures create operational risk beyond login problems?

A: Because Epic authentication gates clinical work, backend services, and patient access.

Q: What breaks when identity provider failover is not separated from the application?

A: The application inherits provider churn, which means migrations, outages, and policy changes force reconfiguration and can interrupt user authentication.

Practitioner guidance

  • Decouple Epic from provider lifecycles: Front Epic with an orchestration layer so the EHR keeps one registration, one JWKS, and one SMART configuration while upstream providers change behind it.
  • Define health-based failover thresholds: Set discovery polling intervals and unhealthy thresholds before production use so login routing changes only after a provider is explicitly marked unhealthy.
  • Document break-glass audit rules: Write down when failover is permitted, who approves it, and how the deviation window is recorded so emergency access stays attested.

What's in the full article

Strata Identity's full article covers the implementation detail this post intentionally leaves for the source:

  • Step-by-step failover sequence for Entra ID and Keycloak in the Maverics Orchestrator
  • Epic registration details for SMART on FHIR, JWKS, and backend JWT flows
  • Health-check thresholds and discovery endpoint polling behaviour in production
  • Disconnected Mode handling for edge, rural, and air-gapped care environments

👉 Read Strata Identity's analysis of Epic identity continuity and provider failover →
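
The threshold-based failover and recorded deviation window described in the practitioner guidance above, sketched as an added example that is not part of the original post and is not Strata Identity's or Maverics' code or configuration. The class names, provider names, threshold values (3 failed polls, 2 good polls) and the poll sequence are all assumptions constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Provider:
    name: str
    healthy: bool = True
    fails: int = 0  # consecutive failed discovery polls
    oks: int = 0    # consecutive successful discovery polls

@dataclass
class Router:
    primary: Provider
    secondary: Provider
    unhealthy_after: int = 3  # assumed threshold: failed polls before failover
    healthy_after: int = 2    # assumed threshold: good polls before failback
    audit: list = field(default_factory=list)  # health transitions, for later review

    def poll_result(self, p, ok, ts):
        """Record one discovery poll; health flips only when a threshold is crossed."""
        p.oks, p.fails = (p.oks + 1, 0) if ok else (0, p.fails + 1)
        flipped = (p.healthy and p.fails >= self.unhealthy_after) or \
                  (not p.healthy and p.oks >= self.healthy_after)
        if flipped:
            p.healthy = not p.healthy
            state = "healthy" if p.healthy else "unhealthy"
            self.audit.append((ts, p.name, state, self.route_new_login()))

    def route_new_login(self):
        """Primary unless explicitly marked unhealthy; None means no healthy provider."""
        for p in (self.primary, self.secondary):
            if p.healthy:
                return p.name
        return None  # fail closed; the documented break-glass process applies

def deviation_windows(audit, name):
    """Pair a provider's unhealthy/healthy transitions into (start, end) windows."""
    events = [(ts, st) for ts, p, st, _ in audit if p == name]
    starts = [ts for ts, st in events if st == "unhealthy"]
    ends = [ts for ts, st in events if st == "healthy"] + [None]  # None = still open
    return list(zip(starts, ends))

def simulate():
    """Constructed poll sequence: one blip, a real outage, then recovery."""
    r = Router(Provider("primary-idp"), Provider("secondary-idp"))
    routes = []
    for ts, ok in enumerate([True, False, True, False, False, False, False, True, True]):
        r.poll_result(r.primary, ok, ts)
        routes.append(r.route_new_login())
    return r, routes
```

A single failed poll does not move traffic; only the third consecutive failure does, and the audit list gives reviewers the exact window during which logins were served by the secondary provider.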

(@mr-nhi)
Member Moderator
Joined: 4 weeks ago
Posts: 924
 

Identity continuity is now a governance problem, not just an availability pattern. The article treats Epic access as a clinical uptime dependency, which is the right framing for healthcare identity architecture. When authentication fails, the business impact is not limited to login friction. The governance question becomes how to preserve controlled access while avoiding app-level reconfiguration every time the upstream provider changes. Practitioners should treat continuity as part of identity operating model design.

A few things that frame the scale:

  • 91.6% of secrets remain valid five days after the targeted organisation is notified, showing a critical gap in remediation procedures, according to Ultimate Guide to NHIs.
  • Only 5.7% of organisations have full visibility into their service accounts, which is why continuity designs need governance as much as routing logic.

A question worth separating out:

Q: Who is accountable for emergency access during identity failover?

A: The identity and application owners are accountable for defining break-glass conditions, approving the deviation path, and preserving audit evidence. If emergency access is not documented and reviewable, resilience becomes an accountability gap instead of a control.

👉 Read our full editorial: Identity continuity for Epic depends on provider failover



   