What's New in Imprivata Enterprise Access Management 25.1
Imprivata Enterprise Access Management with MFA 25.1 contains the following new features and technology updates.
New Features

Imprivata has announced the introduction of new, descriptive product names, across our portfolio of products, that will soon become synonymous with Imprivata excellence across our platforms and products. These new names make it easier to understand what each product offers by aligning closely with well-understood industry terms. Our transition to these new descriptive names will be a journey throughout the year and beyond.
You will continue to see our former branded names used side by side with their new names (i.e. Imprivata Enterprise Access Management
Some interfaces in the Imprivata Admin Console, Imprivata Appliance Console, and documentation may retain the older Imprivata OneSign and Imprivata Confirm ID product names. Older releases of Imprivata Confirm ID will retain their former product names.

Imprivata provides limited support for customers transitioning to Entra, where their new devices are Entra only joined, their Active Directory (AD) maintains users, and AD syncs to Entra.

Single Sign-On access to your Enterprise Access Management Admin Console from access.imprivata.com, powered by the Imprivata Cloud Platform.
User Consent for Mobile EPCS Face Recognition

Mobile EPCS face recognition users may be asked to provide consent to sharing their biometric information, depending on their state of residency.

Reporting has been enhanced to improve visibility into activities associated with proximity cards, such as enrollment and usage:
- Previously, reports that listed the authentication method only specified that a proximity card had been used, but did not include the proximity card ID. With this update, these reports continue to specify when a proximity card was used and include its ID.
  Examples of these reports include, but are not limited to, the following:
  - Computer and user activity reports
  - Computer details reports
  - Enrollment reports
  - Login activity reports
- Previously, the User Details page specified that a proximity card was enrolled and listed its ID. With this update, this page continues to include that information and now includes the proximity card enrollment date.
The inclusion of the proximity card ID in reports is only available for activities recorded after upgrading the Imprivata appliance to 25.1. For activities recorded before you upgrade, reports continue to list the authentication method only. As a result, after you upgrade you might run a report where the specified date range includes the proximity card ID for some events, but not all.

Beginning with 25.1, the Imprivata agent is available for 64-bit operating systems only. The Imprivata appliance no longer ships with a 32-bit version of the Imprivata agent.
Consider the following:
- Single sign-on for 32-bit applications remains supported: you can continue to use the 64-bit version of the Imprivata agent to start the Imprivata Application Profile Generator (APG) and profile 32-bit applications for SSO.
- The Imprivata appliance remains backwards compatible with the 32-bit Imprivata agent. If you are upgrading, no action is required:
  - Features released in 24.3 and earlier continue to be supported by the 32-bit Imprivata agent.
  - To take advantage of features released in 25.1 and later, the 64-bit version of the Imprivata agent is required.

Imprivata Self-Service Password Reset (SSPR) has been enhanced to support SMS as a second factor of authentication (2FA). In addition to security questions, you can require that users respond to a one-time code sent to their phone to verify their identity.
When SMS is required, users enter their code into the self-service web application when authenticating for a domain password reset.

Number matching with Imprivata ID was introduced in 23.3. When enabled, number matching requires users to enter a 2-digit code into Imprivata ID when authenticating for Imprivata Web SSO and Remote Access workflows. With this release:
- Number matching is automatically enabled in your Imprivata Enterprise Access Management with MFA workflow policy.
  - Before this release, number matching was disabled by default, in which case users were required to approve an Imprivata ID push notification to authenticate.
  - Enabling number matching helps to provide a greater level of protection against MFA fatigue attacks that are generally associated with push notifications.
- You have more control over how you deploy number matching. You can now scope number matching to the following types of workflows:
  - Imprivata Web SSO and cloud-based Remote Access
  - Legacy Remote Access
While enabling number matching prioritizes security, it does change the authentication experience. Unless disabled after upgrading, users will be prompted to enter a 2-digit code into Imprivata ID to authenticate, instead of approving a push notification that they might be familiar with. For more information on what to expect after upgrading, see the Imprivata Upgrade Help.
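The following added example is a generic model of push approval versus number matching, not Imprivata code and not a description of how Imprivata ID is implemented. It shows why a 2-digit code displayed only on the login screen blunts MFA fatigue: a user who responds to a prompt they did not initiate cannot see the code. The class and function names are assumptions made for this illustration.

```python
import hmac
import random
import secrets


class PushChallenge:
    """One pending second-factor prompt. Generic model, not Imprivata's implementation."""

    def __init__(self, number_matching, max_attempts=1):
        # With number matching, the code is shown only on the login screen of
        # whoever started the sign-in, never inside the push notification.
        self.code = f"{secrets.randbelow(100):02d}" if number_matching else None
        self.attempts_left = max_attempts
        self.approved = False

    def respond(self, entered_code=None):
        """Phone user taps Approve and, if number matching is on, types a code."""
        if self.attempts_left <= 0:
            return False
        self.attempts_left -= 1
        if self.code is None:
            self.approved = True  # plain push: a single tap is enough
        else:
            guess = (entered_code or "").encode()
            self.approved = hmac.compare_digest(guess, self.code.encode())
        return self.approved


def unsolicited_approval_rate(number_matching, trials=2000, seed=1):
    """Fraction of prompts the user did not initiate that still get approved
    when a fatigued user responds without seeing the login screen."""
    rng = random.Random(seed)  # models the user's blind guess
    approved = 0
    for _ in range(trials):
        challenge = PushChallenge(number_matching)
        guess = f"{rng.randrange(100):02d}" if number_matching else None
        approved += challenge.respond(guess)
    return approved / trials


def legitimate_login(number_matching):
    """The real user reads the code from their own login screen and enters it."""
    challenge = PushChallenge(number_matching)
    return challenge.respond(challenge.code)


if __name__ == "__main__":
    print("plain push, unsolicited prompt approved:", unsolicited_approval_rate(False))
    print("number matching, unsolicited prompt approved:", unsolicited_approval_rate(True))
```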

This release introduces changes to the user experience of Imprivata Enterprise Access Management. These improvements offer refreshed user interfaces that provide a consistent layout and experience across Imprivata products.
For more information about these updates, including resources that are available to help you inform users about these changes, see the UX Changes Brief.
Technology Updates


The Classic Windows login is deprecated and will no longer be supported after Q1 2026.
Imprivata is committed to innovation and is focusing efforts on the Imprivata login. It is recommended that you begin planning a migration to the Imprivata login. For more information about the Imprivata login and next steps, see the FAQ.

While Microsoft has not announced a release date for their planned update to LDAP channel binding and LDAP signing requirements, it is recommended that Imprivata administrators verify that their Imprivata directory (domain) connections are configured for SSL. When the update is applied, any directory connection that is not configured for SSL may fail.
To verify the connection settings, go to the Directories page (Users menu > Directories) and open the required domain. Verify that Use TLS for secure communication is selected.

As part of Imprivata's continuing effort to increase our security posture, beginning with the 7.4 release, Imprivata disables the use of older TLS versions 1.0 and 1.1 for all appliance communications.
For more information on TLS usage, see the "About TLS Communication" topic in the Imprivata Online Help.
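As a complement to the Admin Console check for directory connections and the TLS 1.0/1.1 cutoff described above, this added example (not Imprivata tooling) probes a directory server's LDAPS port and reports whether a TLS 1.2 or later handshake succeeds with a trusted certificate. The host name `dc01.example.internal`, the default port 636, and the optional `ca_file` path for an internal CA are placeholders and assumptions.

```python
import socket
import ssl


def tls12_context(ca_file=None):
    """Client context that refuses TLS 1.0/1.1 and verifies the server certificate."""
    ctx = ssl.create_default_context(cafile=ca_file)  # chain + hostname checks on
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def probe_ldaps(host, port=636, ca_file=None, timeout=5.0):
    """Attempt a TLS handshake with a directory server's LDAPS port.

    Only the transport is checked; no LDAP bind is performed.
    Returns a dict with ok, tls_version, cert_not_after and error.
    """
    result = {"host": host, "port": port, "ok": False,
              "tls_version": None, "cert_not_after": None, "error": None}
    ctx = tls12_context(ca_file)  # a bad ca_file path raises here, before any I/O
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                result["tls_version"] = tls.version()
                result["cert_not_after"] = tls.getpeercert().get("notAfter")
                result["ok"] = True
    except ssl.SSLCertVerificationError as exc:
        result["error"] = f"certificate not trusted: {exc.verify_message}"
    except ssl.SSLError as exc:
        # Includes servers that only offer TLS 1.0/1.1 or speak plain LDAP here.
        result["error"] = f"TLS handshake failed: {exc.reason}"
    except OSError as exc:
        result["error"] = f"connection failed: {exc}"
    return result


if __name__ == "__main__":
    # Placeholder host name; replace with each domain controller the
    # Imprivata directory connection points at.
    print(probe_ldaps("dc01.example.internal"))
```

A result with `ok` set to False for a domain controller indicates that a directory connection switched to TLS would fail against that server, so resolve it before selecting Use TLS for secure communication.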

As part of Imprivata's continuing effort to increase our security posture, this release includes two modes of API access through the Confirm ID and ProveID API:
- Full
  Full access enables the ability to use the Confirm ID COM interface. Full access is required in the following areas because of the reliance on the COM interfaces:
  - Clinical Workflows
  - EPCS
  - Imprivata Connector for Epic Hyperdrive
  - When Imprivata Confirm ID needs a password.
- Restricted
  In restricted mode, access to Password and UserAppCreds resources is disabled. A ResourceRequest that includes an attribute id of Password or UserAppCreds returns a response with a message stating that access is restricted and status code 403.
By default, Confirm ID access is disabled and ProveID API access is set to restricted. The settings to manage API access are on the API access page in the Imprivata Admin Console.
Upgrade Considerations
Imprivata Platform Update - G4 Appliances
An upgrade to 25.1 requires that you install the Imprivata platform update (virtual-applianceG4-IMPRIVATA-2025-1-1.ipm) before upgrading the Imprivata appliances.
The platform update provides infrastructure, communication, and security improvements which must be in place before you upgrade.
Take note of the following considerations:
- This platform update is supported on 7.10 and later as part of the upgrade process or as a standalone update. If desired, you can install and distribute this platform update to your appliances without having to upgrade.
  Use one of the following methods for uploading:
  - Upload the platform update files from a file server connected to the appliance. This is the preferred method for updating the appliances.
  - If you cannot use a file server and need to upload the IPM from your local computer, use the Imprivata Appliance Console > Packages tab.
- The upgrade from 7.8 or 7.9 to 25.1 requires that you first upload the provided increasePHPmaxPOST-2022-3-1.ipm. This small platform update temporarily increases the maximum PHP file upload size, allowing you to then upload the virtual-applianceG4-IMPRIVATA-2025-1-1.ipm file.
- The upgrade from 7.10 through 24.3 to 25.1 does not require the increasePHPmaxPOST-2022-3-1.ipm be uploaded first. You can simply upload the virtual-applianceG4-IMPRIVATA-2025-1-1.ipm platform update file.
For more information about upgrading the Imprivata appliances in your enterprise to 25.1, see the Imprivata Upgrade Help.
Considerations
The following sections describe changes in behavior in

When you set up a new G4 appliance on a network that does not use DHCP, then in the Appliance Setup Wizard process, under System Information, the Host Name and Domain Name fields get prepopulated with values localhost and localdomain. Previously, in

Imprivata's Secure Walk Away added support for a Nordic Bluetooth Low Energy (BLE) receiver in Imprivata OneSign and Imprivata Confirm ID 7.11. The Bluetooth receiver sensitivity may vary for different mobile devices. If your users report that their workstations lock because Secure Walk Away does not detect their mobile devices, adjust the Secure Walk Away – Imprivata ID Sensitivity slider control in the computer policy assigned to those workstations. For more information, see topic