Restrict Imprivata ID Enrollments with your Enterprise Mobility Management Solution

Imprivata Enterprise Access Management (formerly Imprivata Confirm ID) supports restricting the enrollment of an Imprivata ID token to environments that are managed by your preferred Enterprise Mobility Management (EMM) vendor. A unique Enterprise ID is available on the Imprivata Admin Console to link your EMM to your Imprivata enterprise. When configured, enrollment validates that the Imprivata ID app was installed from your organization's EMM environment and not from a public app store.

Example: Imprivata ID from VMware AirWatch

With this restriction in place, to successfully enroll Imprivata ID in your Imprivata Confirm ID enterprise, a user must:

  1. Download the AirWatch Agent app.

  2. Enroll the device with the AirWatch account credentials created for your user by AirWatch.

  3. Install Imprivata ID via the AirWatch app.

  4. Enroll Imprivata ID in your Imprivata enterprise.

Imprivata ID from iTunes or Google

With this restriction in place, if a user installs Imprivata ID from the iTunes App Store or Google Play, they will not be able to enroll it in your Imprivata enterprise. After the failed enrollment, they will receive the error message:

  • There is a problem with your Imprivata ID. Contact your help desk. (Unable to enroll Imprivata ID)

NOTE:

Imprivata Enterprise Access Management only validates the Imprivata ID installation at the time of enrollment. Any users who installed Imprivata ID from the iTunes App Store or Google Play and enrolled it with your enterprise before the Enterprise Mobility Management restrictions were enabled will continue to be enrolled.

Enable Restrictions for Imprivata ID Enrollment

Generate a unique IID identifier from Imprivata and enter it in your EMM software:

Generate Identifier

  1. In the Imprivata Admin Console go to the gear icon > Settings.

  2. Go to Enterprise Mobility Management (EMM) restrictions for IID enrollment.

  3. Select Enable EMM restrictions for IID enrollment.

  4. Click Generate.

  5. Copy the unique IID enrollment identifier to be pasted later.

  6. Click Save.

CAUTION:

If you click Generate again after completing this setup, and the IID enrollment identifier you entered on your EMM console is not updated, all subsequent Imprivata ID enrollments will fail. Update the Enterprise ID value on the EMM console again (see below).

Create Configuration Key

In your Enterprise Mobility Management solution, enable this restriction by using the enterprise-specific IID enrollment identifier in combination with the Enterprise ID variable:

  • iOS: mdmEnterpriseId (this is case-sensitive)

  • Android: Enterprise ID (this is case-sensitive)

Example: VMware AirWatch Store

Add Imprivata ID to the Public apps on VMware AirWatch App Store.

Add the Configuration Key you generated above:

  1. Click Add Application, search for and select Imprivata ID.

  2. On the Imprivata ID — Update Assignment screen, click Add Assignment.

  3. On the Imprivata ID — Add Assignment screen, click Select Assignment Groups and select the users to receive Imprivata ID.

  4. Before you click Add, select Application Configuration = Enabled.

  5. Enter the Key-Value pair to configure Imprivata ID:

    • The Configuration Key variable name:

      iOS: mdmEnterpriseId (this is case-sensitive)

      Android: Enterprise ID (this is case-sensitive)

    • Value Type = String

    • Configuration Value = The unique IID enrollment identifier.

  6. When you are done, click Save And Publish.

  7. Repeat this process for both Android and Apple iOS.
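
A pre-publish check for the key-value pairs described above, as an added example that is not Imprivata or VMware code. It flags the two failure modes this page warns about: a key name with the wrong case, and a value left stale after Generate was clicked again. The per-platform dict input and the identifier value are constructed for illustration and are not an EMM export format.

```python
# Added example: audit the Imprivata ID app-configuration pairs before publishing.
# Input shape and SAMPLE_ID are constructed; they are not an EMM export format.
EXPECTED_KEYS = {"ios": "mdmEnterpriseId", "android": "Enterprise ID"}
SAMPLE_ID = "EXAMPLE-IID-ENROLLMENT-ID"  # placeholder, not a real identifier


def _fold(name):
    """Normalise a key name so case and spacing mistakes can be recognised."""
    return name.replace(" ", "").lower()


def audit_app_config(platform, pairs, current_identifier):
    """Return findings for one platform's {key: value} pairs.

    current_identifier is the IID enrollment identifier currently shown in the
    Imprivata Admin Console, i.e. the one copied after the last Generate.
    """
    expected = EXPECTED_KEYS[platform]
    if expected not in pairs:
        # Key names are case-sensitive, so report a near miss explicitly.
        near = [k for k in pairs if _fold(k) == _fold(expected)]
        if near:
            return [f"{platform}: key {near[0]!r} must be exactly {expected!r}"]
        return [f"{platform}: key {expected!r} is missing"]
    value = pairs[expected]
    if not isinstance(value, str):
        return [f"{platform}: value type must be String"]
    if value != current_identifier:
        return [f"{platform}: value differs from the current identifier"]
    return []


def audit_all(configs, current_identifier):
    """Audit iOS and Android; a platform with no configuration is a finding."""
    findings = []
    for platform in EXPECTED_KEYS:
        if platform not in configs:
            findings.append(f"{platform}: no app configuration assigned")
        else:
            findings.extend(
                audit_app_config(platform, configs[platform], current_identifier))
    return findings


if __name__ == "__main__":
    constructed = {"ios": {"MDMEnterpriseID": SAMPLE_ID},
                   "android": {"Enterprise ID": "OLD-IDENTIFIER"}}
    for line in audit_all(constructed, SAMPLE_ID):
        print(line)
```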