Getting Started | Updated July 3, 2026

Phase 1: Foundation Access Setup


**[← Back to Overview](onboarding/)** | **[Next: Development Tools →](onboarding-tools/)**

Set up essential accounts and permissions for Epic on Azure platform access. This foundation enables everything else in your onboarding journey.

**Estimated Time:** 2-3 hours (including approval wait times)

Phase 1 Checklist


Secure Access Portal

All access requests start here: secure.uhc.com

Consider grouping similar access requests together to reduce approval time. However, each request must be completed in its entirety for implementation.

- **Primary MSID**: Use for read-only access and general operations
- **Secondary MSID**: Required for administrative and privileged access
- **Azure Cloud ID**: Separate account for Azure operations (`[email protected]`)

GitHub Enterprise Access

Get access to our Epic on Azure codebase and collaboration platform.

**Request these groups in Secure:**

- `azu_ghec_users` - GitHub Enterprise access with cloud ID
- `azu_ops_ghec_users` - Optum Tech Organization access
- `ohemr_contributors` - Epic on Azure team member access
- `AZU_GitHub_Copilot_Business_Users` - Access to GitHub Copilot Business features including the current Claude and OpenAI models surfaced in VS Code Copilot Chat (model availability is set by GitHub and rotates over time)

**For external team members:**

- `ohemr_ext_contrib` - Write access for external contributors

**What You'll Get Access To:**

- [Epic on Azure GitHub Organization](https://github.com/optum-tech-compute)
- [OHEMR Sub-Organization](https://github.com/optum-tech-compute/.github/blob/main/.github/suborgs/ohemr.yml)
- Repository templates and automation workflows
- Issue tracking and project management tools

Azure Account

Configure access to our Azure subscriptions and resources.

Azure Read Access (Most Users)

Platform: Windows → MS Domain

!!! example "Azure Read Groups"

Request the per-subscription `AZU_<subscription-guid>_Read` groups for the
Epic on Azure subscriptions you need read access to. The exact group list
drifts as subscriptions are added or retired — do not rely on a static
list embedded in this page.

**Source of truth:**

- Look up the active subscription IDs in [secure.uhc.com](https://secure.uhc.com)
  → Request New Access → Azure → search `AZU_*_Read` and filter to AIDE
  `0085665` / `0085666`.
- Cross-check against the environment Terraform repos under
  [`optum-tech-compute`](https://github.com/optum-tech-compute) (e.g.
  `ohemr-epic-pro-001`, `ohemr-epic-npd-001`) for subscription GUIDs.
- Ask in `#epic-azure-support` if you cannot find the canonical list.

Azure Write Access (Advanced Users Only)

Write access is limited and requires business justification. Coordinate with your team lead before requesting.

Create Azure Cloud Account:

  1. Go to secure.uhc.com → Request New Access → Azure
  2. Platform: Azure, Domain: UHG Azure
  3. Create new User ID: [email protected]
  4. Add required JIT Contributor groups (only if approved)

JIT Contributor Groups:

  • AZU_[subscription-id]_Contributors_JIT

Azure Account Setup

1. Go to [secure.uhc.com](https://secure.uhc.com) → My Access → Request History
2. Find your `UHG Azure User ID` request
3. Password is listed under `UHG Azure Initial Password`

Password Reset Process:

  1. secure.uhc.com → My Access → Password Maintenance
  2. For @optumcloud.com account → Forgot Password
  3. Use Temporary Access Password (TAP) to login at portal.azure.com
  4. Configure MFA and reset password

Identity and Secrets

Configure access to security tools and privileged account management.

Secure Administrative Workbench (SAW)

!!! example "Access Request"

- Application: `Secure Workbench`
- Role: `Cloud SAW Role`

CyberArk Privileged Access Management

Setup Process:

  1. secure.uhc.com → Request New Access → Application
  2. Search for: Privileged Access Management
  3. Choose: CyberArk - Application Access Manager
  4. Create User ID using Primary MSID only
  5. Add vault access: AAM-CORE-AIDE-0085665

- **Vault Namespace:** `0085665` (Epic on Azure vault)
- **URL:** Access through CyberArk portal after approval

Secondary User ID (For Administrative Access)

Use this ID for administrative access, elevated privileges, and sensitive operations.

Setup Process:

  1. secure.uhc.com → Request New Access → Windows
  2. Platform: Windows, Domain: MS
  3. Create New User ID
  4. Use for administrative group requests

Phase 1 Validation

Before moving to Phase 2, verify your foundation access:

Quick Verification Checklist

- [ ] Can access [Epic on Azure Organization](https://github.com/optum-tech-compute)
- [ ] Can view repository lists
- [ ] GitHub username shows correct organization membership
- [ ] Can login to [Azure Portal](https://portal.azure.com)
- [ ] Can see assigned subscriptions in dropdown
- [ ] Can navigate to resource groups (even if empty)
- [ ] Can login to [secure.uhc.com](https://secure.uhc.com)
- [ ] Can view "My Access" to see granted permissions
- [ ] Can navigate request history
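
The subscription check above can be scripted against the `AZU_<subscription-guid>_Read` naming convention. The following is an added example, not part of the original page or the team's tooling: the function names are hypothetical and the GUIDs are constructed samples. It lists the read groups still to request and flags visible subscriptions that were not expected.

```shell
#!/bin/sh
# Added example. Live inputs would be:
#   expected: subscription GUIDs read from the environment Terraform repos
#   visible:  az account list --query "[].id" -o tsv

# Lowercase, de-duplicate and keep only well-formed GUIDs from stdin.
normalize_guids() {
  tr 'A-F' 'a-f' | tr -d '\r' |
    grep -E '^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$' | sort -u
}

# Print the GUIDs present in $1 but absent from $2 (newline-separated lists).
set_minus() {
  { printf '%s\n' "$1" | normalize_guids | sed 's/^/A /'
    printf '%s\n' "$2" | normalize_guids | sed 's/^/B /'; } |
    awk '$1 == "B" { seen[$2] = 1 }
         $1 == "A" { a[++n] = $2 }
         END { for (i = 1; i <= n; i++) if (!(a[i] in seen)) print a[i] }'
}

# $1 = expected GUIDs, $2 = visible GUIDs.
# Prints the AZU_<guid>_Read groups still to request in Secure.
missing_read_groups() {
  set_minus "$1" "$2" | sed 's/^\(.*\)$/AZU_\1_Read/'
}

# Prints subscriptions the account can see that were not expected,
# so they can be reviewed against least privilege.
unexpected_subscriptions() {
  set_minus "$2" "$1"
}

# Constructed sample GUIDs, not real subscription IDs.
EXPECTED='11111111-1111-4111-8111-111111111111
22222222-2222-4222-8222-222222222222'
VISIBLE='11111111-1111-4111-8111-111111111111
33333333-3333-4333-8333-333333333333'

echo "Request in Secure:"
missing_read_groups "$EXPECTED" "$VISIBLE"
echo "Visible but not expected (review):"
unexpected_subscriptions "$EXPECTED" "$VISIBLE"
```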

Common Issues & Solutions

!!! failure "Access Denied Errors"

1. Check if requests are still "Pending Approval"
2. Verify you're using the correct User ID for each platform
3. Some approvals take 24-48 hours

!!! failure "Multi-Factor Authentication Issues"

1. Download Microsoft Authenticator app
2. For Azure accounts, avoid using SMS if possible
3. Contact IT Help Desk for MFA reset if needed

What's Next?

Great job! You now have the foundation accounts needed for Epic on Azure development.

**Next Step:** [Continue to Phase 2: Development Tools →](onboarding-tools/)

**Phase 2 Preview:**

- Set up Terraform for infrastructure management
- Configure HashiVault for secrets management
- Access monitoring platforms (Splunk, Dynatrace)
- Join team communication channels

Getting Help with Phase 1

!!! question "Access Issues"

- **IT Help Desk:** For Secure portal and account problems
- **GitHub Issues:** [Create issue](https://github.com/optum-tech-compute/ohemr-epic-megadoc/issues) for documentation problems
- **Team Channel:** #epic-azure-support for general questions

!!! question "Approval Delays"

- Most access requests process within 24-48 hours
- Complex requests (like Azure write access) may take longer
- Contact your team lead if requests are delayed >3 business days
