Application Profile Generator Support for Chrome and Edge Chromium

Imprivata OneSign 7.11 and later, which run only on G4 (fourth generation) enterprises, support running the Imprivata OneSign Application Profile Generator (APG) on Google Chrome and Microsoft Edge Chromium browsers for all the application types listed in the topic Application Types.

OneSign 7.10 for G4 enterprises, and OneSign 7.10 and 7.9 for G3 (third generation) enterprises, support running the APG on Chrome and Edge Chromium for most of those same Application Types, but not for terminal emulators, other host-based applications, or hybrid applications that contain host-based applications. For those unsupported application types, open the Imprivata Admin Console and the APG in Internet Explorer instead.

To run Imprivata APG on Chrome or Edge Chromium for G4 enterprises, you first must either migrate your G3 enterprise to a G4 enterprise, including Imprivata appliances and endpoint agents, or install new G4 appliances and endpoint agents in a new G4 enterprise.

To run Imprivata APG on Chrome or Edge Chromium for G3 enterprises, you first must upgrade the Imprivata G3 appliances and the Imprivata endpoint agents in your G3 enterprise to OneSign 7.10 or 7.9.

On both G4 and G3 enterprises, the affected endpoint agents include the agents on administrators' computers, where the agents must be running. The agent installer installs, but does not enable, an Imprivata OneSign Single Sign On (SSO) browser extension from the Chrome web store. You must enable this extension on administrators' computers to be able to open and run the Imprivata APG. For instructions on enabling the extension, see either Support for Applications that Run in Google Chrome or Support for Applications that Run in Edge Chromium. For the minimum supported version of Chrome, see the "Browsers" section of Imprivata OneSign Supported Components.

Support for Existing and New Application Profiles in Imprivata OneSign 7.9 and Later

Existing application profiles created before Imprivata OneSign 7.9 that do not require IE mode continue to work for SSO in Imprivata OneSign 7.9 and later.

However, existing profiles that require IE mode do not work in the Imprivata OneSign 7.9 base version release. To use those profiles with 7.9, you must first install Imprivata OneSign 7.9 HF1 (or later), including applying the Imprivata agent for the hotfix to all endpoints. You must then convert your existing IE-based application profiles to Microsoft Edge-based application profiles using an Imprivata conversion program, and deploy the converted profiles to the endpoints.

Similarly, if you had existing application profiles that require IE mode, and you migrated to a G4 enterprise before converting those profiles, then you can convert those profiles into Edge-based profiles using the same conversion program used with 7.9 HF1 or later.

For instructions on downloading and using the profile conversion program, log into the Imprivata Customer Experience Center and search for Knowledge Article number 26249, entitled "APG Profile Conversion instructions for use with IE-Mode on supported OneSign Agent versions." The article also applies to all supported Imprivata OneSign versions after installation of the corresponding hotfix per release that is specified in the article.

You can deploy new application profiles only to Imprivata agents that have the same or a later Imprivata OneSign release as the release on which the profile was created. Therefore, to deploy a new profile created on Imprivata OneSign 7.9 or later, you must first upgrade the endpoint agents to 7.9 or later.

You can deploy an edited version of an existing profile to all agents that match the original version or later. Therefore, using Imprivata OneSign 7.9 or later, you can modify application profiles created before 7.9, and deploy them to endpoint agents that have previous Imprivata OneSign releases. When saving such an edited profile, click OK to deploy it when you see a message such as, "Saving this profile with the addition of V7.9 features will require upgrading the Imprivata Agent for all users with SSO to the application." In this case, you do not have to upgrade those agents to 7.9 or later. However, the updated version of the profile may use features that the older agents do not support.

Support Limitations for Internet Explorer Compatibility Mode in Edge Chromium

Imprivata OneSign support for Internet Explorer compatibility mode in Microsoft Edge Chromium has the following limitations:

  • Creating or editing profiles in Edge Chromium for use in IE mode is not supported. Internet Explorer must be installed and available for use on an administrative workstation for this purpose if required. Profiles created or edited natively within Internet Explorer can then be converted for use on Edge Chromium IE Mode using the conversion procedure outlined in Knowledge Article 26249 mentioned above.

  • When creating application profiles, you must use Explicit Credential Capture (ECC) rather than native capture. Since the Native Credential Capture option is usually disabled when trying to capture applications running in IE using the Imprivata UIA probe, enable the option to use the OneSign credential enrollment window for IE mode applications captured in Google Chrome or Edge Chromium.

  • The Imprivata Chrome extension must be installed and enabled in the Edge Chromium browser to get SSO for UIA (Microsoft UI Automation) web apps in IE mode. However, you do not need to enable that Chrome extension for Browser Helper Object (BHO) and hybrid web apps running in IE mode.

  • Exporting newly profiled web apps removes the useUIAToo tag necessary for IE Mode to allow SSO. After reimporting the XML, re-add useUIAToo="true" to the application XML to allow SSO to work again.
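A check for the last limitation above, added here as an example and not Imprivata code: it lists the profiles in a reimported XML file that have lost useUIAToo and re-adds the attribute. The page does not show the profile schema, so the element names (Profiles, Application), the name attribute, and the sample file are constructed assumptions; the file is assumed to contain only IE mode web app profiles.

```python
import xml.etree.ElementTree as ET

ATTR = "useUIAToo"  # attribute name as given in the limitation above

# Constructed sample only. The real profile schema is not shown on the page;
# the element names "Profiles" and "Application" are hypothetical.
SAMPLE_REIMPORTED = """<Profiles>
  <Application name="LegacyPortal" mode="IE"/>
  <Application name="Intranet" mode="IE" useUIAToo="true"/>
  <Application name="Timesheet" mode="IE"/>
</Profiles>"""


def missing_use_uia_too(xml_text, element_tag):
    """Return the name of every element_tag element that lacks useUIAToo."""
    root = ET.fromstring(xml_text)
    return [el.get("name", "<unnamed>")
            for el in root.iter(element_tag)
            if ATTR not in el.attrib]


def restore_use_uia_too(xml_text, element_tag):
    """Re-add useUIAToo="true" where it is absent.

    Returns (patched_xml, names_fixed). Elements that already carry the
    attribute are left untouched, so running this twice changes nothing.
    """
    root = ET.fromstring(xml_text)
    fixed = []
    for el in root.iter(element_tag):
        if ATTR not in el.attrib:
            el.set(ATTR, "true")
            fixed.append(el.get("name", "<unnamed>"))
    return ET.tostring(root, encoding="unicode"), fixed


if __name__ == "__main__":
    print("missing:", missing_use_uia_too(SAMPLE_REIMPORTED, "Application"))
    patched, fixed = restore_use_uia_too(SAMPLE_REIMPORTED, "Application")
    print("re-added on:", fixed)
    print(patched)
```

Pass the tag that actually carries the attribute in your exported file as element_tag, and keep a copy of the original XML, because ElementTree re-serializes the document and drops comments.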