When configuring the Epic application, it's a best practice to secure the Epic Interconnect Personnel Management/Security Web Service endpoint using WS-Security, at the moment (as of 7.2 GA) IdentityIQ doesn't support WS-Security for the Core endpoint. Below are the steps to enable WS-Security in the Epic application in IdentityIQ:
The authUserID and authUserPassword entries differ from the username/password entered into the application when configuring through the UI. This is the account that should be configured for the Interconnect Web Service when enabling WS-Security and doesn't need to exist within the Epic application (EMP Record).
In the above sample data, the Epic team created a local account (doesn't exist in Active Directory just in the Epic Interconnect configuration) which is why the authUserID is prefixed with local:
For Active Directory accounts, the authUserID will need to be prefixed with windows: (i.e. windows:epicsailpoint)