Identity Continuity for Epic EHR

Security Boulevard
Apr 30, 2026

Why It Matters

By eliminating single‑point‑of‑failure authentication, hospitals maintain clinical uptime and avoid costly downtime during IdP outages or migrations. The approach also simplifies compliance and disaster‑recovery planning across the Epic ecosystem.

Key Takeaways

  • Maverics fronts Epic with a single client and JWKS, never reconfiguring Epic
  • Health‑check‑driven failover switches from Entra to Keycloak in seconds
  • Supports both SMART on FHIR user launches and backend JWT services
  • Runs on‑prem or edge, enabling continuity in air‑gapped or DDIL sites
  • Preserves PKCE, RS256/ES256 signatures and writes audit‑ready break‑glass events

Pulse Analysis

Identity continuity is becoming a strategic imperative for health systems that rely on Epic as their clinical backbone. When an organization delegates authentication to a cloud IdP such as Microsoft Entra ID, any outage can halt clinician workflows, delay patient care, and trigger revenue loss. Strata Maverics addresses this risk by inserting an orchestration layer that abstracts the IdP from Epic, allowing seamless failover to a secondary provider like Keycloak. The health‑check model monitors discovery endpoints every 30‑60 seconds, automatically routing new sessions to the healthiest connector while preserving the exact SMART on FHIR claims Epic expects. This design eliminates the need for costly re‑registration of clients or JWKS updates whenever an IdP is replaced or upgraded.
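As an added illustration (not Strata's, Epic's or the article's own code), the health-check failover loop described above in Python: an orchestrator probes each IdP's OIDC discovery endpoint, marks a connector healthy only if the document parses, names the expected issuer and lists a `jwks_uri`, routes new sessions to the healthiest connector by priority, and writes an audit event whenever the active connector changes. The connector names, placeholder issuer URLs, the `break_glass_failover` event shape and the in-memory `fetch` stub are assumptions.

```python
import json
from dataclasses import dataclass, field

@dataclass
class Connector:
    name: str       # "entra" (primary) or "keycloak" (secondary)
    issuer: str     # expected `iss` value of tokens from this IdP
    priority: int   # lower is preferred
    healthy: bool = False

@dataclass
class Orchestrator:
    connectors: list
    active: str = None
    audit: list = field(default_factory=list)

    def probe(self, fetch, now):
        """One health-check cycle (every 30-60 s per the article): mark a connector
        up only if its discovery document parses, names the expected issuer and has
        a jwks_uri; route new sessions to the healthiest by priority; audit changes."""
        for c in self.connectors:
            try:
                doc = json.loads(fetch(c.issuer + "/.well-known/openid-configuration"))
                c.healthy = doc.get("issuer") == c.issuer and bool(doc.get("jwks_uri"))
            except Exception:          # timeout or malformed reply: treat as down
                c.healthy = False
        for c in sorted(self.connectors, key=lambda x: x.priority):
            if c.healthy:
                if self.active not in (None, c.name):   # failover or failback
                    self.audit.append({"ts": now, "event": "break_glass_failover",
                                       "from": self.active, "to": c.name})
                self.active = c.name
                return c
        raise RuntimeError("no healthy IdP connector; cannot route new logins")

def simulate_outage():  # constructed scenario: Entra healthy, then down, then restored
    orch = Orchestrator([Connector("entra", "https://login.example.invalid/tenant/v2.0", 0),
                         Connector("keycloak", "https://keycloak.hospital.invalid/realms/epic", 1)])
    entra_up = [True]
    def fetch(url):  # stands in for an HTTPS GET; placeholder issuers, constructed replies
        iss = url.rsplit("/.well-known", 1)[0]
        if iss == orch.connectors[0].issuer and not entra_up[0]:
            raise TimeoutError("discovery endpoint unreachable")
        return json.dumps({"issuer": iss, "jwks_uri": iss + "/protocol/openid-connect/certs"})
    seq = [orch.probe(fetch, 0).name]
    entra_up[0] = False                      # Entra outage begins
    seq.append(orch.probe(fetch, 45).name)   # next cycle fails over to Keycloak
    entra_up[0] = True                       # Entra restored; primary wins again
    seq.append(orch.probe(fetch, 90).name)
    return seq, orch.audit
```

Only new sessions are affected by the switch; existing Epic sessions keep the tokens they already hold, which is why the audit trail records the change rather than interrupting clinicians.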

Beyond uptime, the solution reinforces security and compliance. PKCE remains end‑to‑end for user‑initiated launches, and JWT assertions retain their RS256 or ES256 signatures for backend services, ensuring that existing conditional‑access policies and audit requirements stay intact. During a failover, Maverics logs a break‑glass event, providing a tamper‑evident record that satisfies regulators and internal governance. The architecture also scales to disconnected or edge deployments—critical for field hospitals, disaster‑response units, and rural clinics—by running locally and authenticating against a pre‑staged Keycloak realm when WAN connectivity to Azure is lost.

For health‑IT leaders, adopting an identity‑continuity layer simplifies the broader identity fabric across the Epic ecosystem. Future extensions can cover SAML‑based Hyperdrive, MyChart OIDC, and service‑account directories without redesigning each integration. By decoupling Epic from any single IdP, organizations gain agility to adopt new authentication technologies, negotiate better vendor contracts, and meet stringent uptime SLAs—all while keeping clinicians focused on patient care rather than login errors.
