Testing Application Profiles

You can test screen recognition, credential capture, and credential proxying parameters before deploying application profiles created with the Imprivata Application Profile Generator (APG) to users' Imprivata agents.

This topic includes:

• Testing the Application Profile

• Using the Imprivata Single Sign-On Test Agent

Testing the Application Profile

To test an application profile before deploying it:

1. Open the profile’s Select Screens screen.

2. Click Test Operation. The Testing Login window opens.

3. Click Start to Test. The Imprivata APG goes into Test Mode. Test Mode lets you use the Imprivata agent as if you were a user, without interference from the Imprivata APG. The Imprivata APG does not attempt to sign you into any applications, except for the one you are testing.

4. Launch the target application and test the login screens and failed logins. If you find places where the profile fails, you can edit the profile and then test it again.

5. Authenticate normally. While you authenticate, the Imprivata APG captures the credentials.

   To reset credentials while testing, click Stop Test at the bottom of the Testing Login window, and then restart the test.

6. Log out of the application, and then launch it again. Watch to see if:

Behavior	Result	Advanced Tool to use
You are logged in without a problem.	Successful profile
The Imprivata APG recognizes login screen, but fails to capture credentials.	The Imprivata APG failed to recognize the Login Success screen.	Advanced Screen Recognition Techniques
The Imprivata APG recognizes login screen, but fails to proxy credentials.	Credential capture failed.	Advanced Credential Capture Techniques
The Imprivata APG recognizes the login screen and proxies credentials, but the login fails anyway.	Credentials were incorrectly captured.
	Proxy failed.	Advanced Credential Proxy Techniques

7. After the application profile passes all of your tests, you can deploy it. See Deploying Application Profiles.

NOTE: Credentials captured in Test Mode are only preserved locally and only for the duration of the test. Test credentials are not uploaded. Password auto-generation is not supported in Test Mode.

Using the Imprivata Single Sign-On Test Agent

The Imprivata single sign-on test agent lets you test your application profiles with a newer version of the Imprivata agent. This helps you verify that a new Imprivata agent is compatible with your existing profiles. The test agent is limited to testing SSO.

Installing the Imprivata single sign-on test agent automatically uninstalls any other Imprivata agent on the same computer, so a computer with the Imprivata single sign-on test agent has no connection to the Imprivata OneSign server and is not subject to Imprivata OneSign auditing and reporting features.

The Imprivata single sign-on test agent comes with a fully functional Imprivata APG and a limited testing version of the Imprivata Admin Console. This section describes:

• Installing the Imprivata Single Sign-On Test Agent

• Testing Application Profiles

• Using the Administrator Console

• The Imprivata Single Sign-On Test Agent Menu

Before You Begin

You need an Imprivata single sign-on test agent for the Imprivata OneSign version that you want to test. Request an Imprivata single sign-on test agent license from Imprivata Support. Imprivata single sign-on test agent licenses are valid for a limited time, starting from the time they are generated.

Export the application profiles from your production environment that you want to test, and store them in a testing environment:

1. On the production Imprivata enterprise, log into the Imprivata Admin Console.
2. Go to the Applications > OneSign single sign-on application profiles page.
3. Select the profiles you need to test.
4. Click Export and save them as AppProfiles.XML to a portable storage device or to a network location accessible to the test computer.

Installing the Imprivata Single Sign-On Test Agent

To install the Imprivata single sign-on test agent:

1. Obtain an MSI file and an Imprivata single sign-on test agent license file for the new Imprivata agent from Imprivata Support.

2. Install the Imprivata single sign-on test agent from the MSI file. Select Single Sign-On Test Agent and click Next:



3. Follow the wizard. After the agent is installed, restart the computer.

4. After restarting the computer, you are prompted to import the license file that you received from ImprivataSupport.

5. After you import the license file, you are prompted to log into the Imprivata single sign-on test agent. You can log in with any credentials acceptable to Windows.

Testing Application Profiles

To test application profiles with the new version of the Imprivata agent:

1. Before you test your profiles with the Imprivata single sign-on test agent, make sure that they are working using your production Imprivata agent in your production environment.

2. From the Imprivata single sign-on test agent Administrator Console, import the AppProfiles.XML that you exported in Before You Begin.

3. In the Imprivata single sign-on test agent Administrator console, deploy the profiles. Set up multiple user accounts to reflect the way the profiles are used in your production environment.

NOTE: When you use the Administrator Console from the Imprivata single sign-on test agent, Edit Passwords, Reveal Passwords, and other password management-related privileges are enabled by default so they can be used in testing.

4. For each application profile, test each screen, comparing behavior to production behavior.

   • If the profile behaves as expected, then do nothing. The profile will continue to behave as expected when the new Imprivata agent is deployed to users in the production environment.

   • If an application profile does not work as expected with the Imprivata single sign-on test agent, notify Imprivata Support.

Using the Administrator Console

The Imprivata single sign-on test agent comes with an Administrator Console: a reduced version of the full Imprivata Admin Console that contains limited versions of the Imprivata OneSign single sign-on application profiles and OneSign Containers pages.

Credential sharing, number of enrolled users, and other features not necessary for testing are not supported with the Imprivata single sign-on test agent. You can deploy application profiles only to the server-side Imprivata single sign-on test agent.

When you start, there are no application profiles. You can export them from your production enterprise to a portable storage device or to a network-accessible location and then import the AppProfiles.XML file as described in Deploying Application Profiles.

The Imprivata APG that comes with the Imprivata single sign-on test agent is fully functional. You can profile and test applications in isolation and then import them to a production environment of the same Imprivata OneSign version.

The Imprivata Single Sign-On Test Agent Menu

The Imprivata single sign-on test agent has features that you access from a menu that opens when you click the icon in the Windows notification area. Additional features appear when you click while holding the Ctrl key on your keyboard.

Menu Item	ImprivataSingle Sign-On Test Agent
Manage Passwords	Manage credentials for SSO application accounts. With the Imprivata single sign-on test agent, all password management-related privileges are enabled by default so they can be used in testing.
Administrator Console	Opens a limited version of the Imprivata Admin Console.
Suspend/ Resume Single Sign-On	Suspends single sign-on temporarily if another person needs to log in to your application from your computer.
Reset Credentials (Ctrl+click only)	Erases the local copies of all application credentials.
Sync with Server	The Imprivata single sign-on test agent is a standalone agent. It syncs with locally stored data. The agent is automatically updated whenever you make changes in the Administrator Console.
Imprivata OneSign License	Shows the time remaining on your Imprivata single sign-on test agent license, and a link to upload a new license file.
Trace Utility (Ctrl+click only)	Starts the ISXTrace troubleshooting utility.
Getting Started	Opens a brief tutorial about Imprivata OneSign and its SSO features.
About OneSign	Checks the type of agent and its version.
Login/Logout	Allows you to log in/out of an agent session as different users.
Exit	Closes the Imprivata agent.