Setting Computer Policies to Override User Policies
Override and Restrict settings allow you to override user policy for all computers in a computer policy. User policies take precedence over computer policies, except when Override and Restrict settings apply.
In the Imprivata Admin Console, go to the Computers menu > Computer policies option. These settings are available on each computer policy's Override and Restrict tab.
Single Sign-On Overrides
Single Sign-On (SSO) overrides allow computers with this policy to:
- Allow offline SSO, and specify the duration (in days)
- Make the Password Manager accessible from the agent menu
- Allow or disallow users from bypassing Imprivata OneSign SSO.
If you do not use Imprivata OneSign SSO for application access control, then this feature is not displayed. Imprivata OneSign Single Sign-On is fully detailed in Imprivata OneSign SSO.
Challenges Overrides
Challenges overrides allow computers with this policy to:
-
Set a hot key to lock workstation or log off
-
Control whether the hot key suspends the Imprivata OneSign session or logs off the user and terminates the session
-
Challenge users transitioning from offline to online
-
Set the time interval between challenges
Challenges are described in User Challenges; hot keys are described in Setting a Hot Key to Lock a Workstation.
Desktop Access Authentication Restrictions
Authentication overrides allow computers with this policy to:
-
Configure more secure authentication methods than required in user policy.
-
Disallow Offline Authentication.
-
Allow or disallow emergency user access to Imprivata OneSign via security questions.
NOTE: In Imprivata OneSign 5.0 and later, authentication overrides have changed only when the computer override settings require a license that is not enabled in user policy. You may need to assess these settings when evaluating your licensing needs. For example, if the Override & Restrict settings enable fingerprint authentication but the user is not licensed for it, the user cannot log into that computer with their finger.
For details of these features:
-
Desktop authentication methods are described in Enterprise Access Management SSO Authentication Methods.
-
Offline authentication is described in Offline Authentication.
-
Emergency access via security questions is described in Authenticating to Enterprise Access Management via Security Questions (Q&A).
NOTE: You can also change the security questions, but security questions are global. Changes you make here apply to all security questions.
