Remote Device Authentication to Imprivata Enterprise Access Management for SSO
Enterprise Access Management for SSO (formerly Imprivata OneSign) allows remote authentication between any two computers with Imprivata agents, even if the remote computer requires a proximity card, smart card, finger print scanner, or other device for authentication.
Example of Remote Authentication to Imprivata OneSign via Authentication Device
A user wants to authenticate to Enterprise Access Management on a remote computer. This can be any type of session including a Citrix session.
Conditions
-
An Imprivata agent must be installed on the local computer, but the user need not be logged into Enterprise Access Management.
-
The authentication prompt is in the remote session.
-
The remote computer’s Enterprise Access Management policy requires fingerprint authentication.
-
The user’s local computer has a fingerprint scanner.
Workflow
-
A user may authenticate but is not required to authenticate to a session on a local computer.
-
The user opens an RDP or Citrix session to the remote computer.
-
The remote computer immediately prompts the user for authentication.
-
The user scans an enrolled fingerprint. The authentication transaction takes place in the remote session.
Two Special Situations for Proximity Card Users
If the local computer policy permits users to lock the computer with a proximity card, then the user can lock the local session by tapping an enrolled proximity card on the local card reader. The remote session remains open.
If an Imprivata ProveID authentication dialog is present, then the proximity card authenticates the user to ProveID.
Computer Requirements
Only the local computer is required to have a fingerprint scanner, proximity card reader, or smart card reader.
Authentication to a remote computer via fingerprint, passive proximity card, or external-certificate smart card requires both computers to use Windows XP, Vista, or Windows Server 2003 or Windows Server 2008.
