Imprivata OneSign Authentication Methods
Imprivata OneSign offers many administrative tools to simplify and monitor user access to network resources. A wide variety of authentication methods for authenticating to Imprivata OneSign are supported.
- Each user must have at least one authentication method for logging in to Imprivata OneSign and unlocking workstations.
- Users also use their authentication methods when challenged, as described in User Challenges.
Two-Factor Authentication
Imprivata OneSign offers a two-factor authentication solution that strengthens IT security by requiring users to provide a second form of identification for authentication. Imprivata OneSign supports the following first and second factors for authentication. For some first factors, you can allow a limited user choice for the second factor. For example, if proximity card is the first factor, you can allow fingerprint or network password as the second factor.
| First Factor | Second Factor |
|---|---|
| Network Password |
|
| Fingerprint Authentication |
|
| Passive Proximity Cards |
|
| FIDO Security Key |
|
| Smart Card or Smart USB Token | Any available authentication method the card or token has, for example, a PIN |
| One-time password (OTP) token (OneSpan/VASCO OTP Tokens, Symantec VIP Credential, or External ID Tokens) |
|
| Security Questions (Q&A) | None |
* The Ohio State Board of Pharmacy does not currently allow Imprivata ID as an authentication method for non-EPCS workflows.
Imprivata ID for Windows Access
Imprivata offers two-factor desktop authentication with Imprivata ID:
-
The user logs into the desktop with their username and password.
-
Imprivata ID sends a push notification to the user's device.
-
The user accepts and is granted access.
This workflow can be configured by user policy, by computer policy, or a combination of both. See Imprivata ID for Windows Access.
Additional Authentication
In addition to strong authentication methods, Imprivata OneSign provides the following methods for securing access to Imprivata OneSign:
-
Remote Device Authentication — Allows remote authentication between any two computers with Imprivata agents, even if the remote computer requires a proximity card, smart card, fingerprint scanner, or other device for authentication.
-
Imprivata OneSign ProveID — Allows external applications or devices to access Imprivata OneSign authentication services.
-
Imprivata ProveID Embedded — Allows thin clients to access virtual desktops, applications, and Imprivata OneSign authentication services. Click the link to see a table of supported first and second factor authentication methods for Imprivata ProveID Embedded.
Note that in Imprivata offline mode, Imprivata ProveID Embedded primary authentication methods are limited to only password or proximity card, and two-factor authentication methods are limited to proximity card plus password.
-
For Persistent Applications — When configuring Imprivata support for persistent applications in Citrix XenApp® published desktops, see the list of supported first and second factor authentication methods in Configuring Persistent Applications for Citrix XenApp with Manually Launched Applications.
-
Offline Authentication — Allows users to log into Imprivata OneSign when the Imprivata agent cannot connect to the Imprivata server. This is useful for users who might spend a lot of time disconnected from the network. Click the link to see the list of authentication methods that can and cannot be used for offline authentication.
-
Walk-Away Security — A comprehensive set of tools for securing unattended workstations.
The Imprivata Confirm ID Authentication Methods topic in the Imprivata Confirm ID help provides a table of two-factor authentication methods supported for Imprivata Confirm ID, plus a link to lists of authentication methods allowed for Imprivata Confirm ID workflows such as for Electronic Prescription of Controlled Substances (EPCS).
