Imprivata Documentation | Imprivata Mobile Access Management (GroundControl) | Topic updated: April 10, 2025

Enterprise Password AutoFill FAQ

NOTE: This article applies to iOS devices only.

What is Enterprise Password AutoFill?

Imprivata Mobile Access Management Check Out is integrated with Imprivata OneSign to support Password AutoFill for iOS apps and websites. After checking out an iOS device to a user, the system will make a user’s credentials available to them through Apple’s Password AutoFill framework.

For most apps, users tap the Passwords button above the keyboard. This displays a list of application credentials that will be automatically typed for the user.

Websites and apps with an associated domain include the correct user credentials as part of the keyboard layout. An associated domain can only be enabled by the app’s vendor, and not Imprivata.

At the end of a shift, Mobile Access Management purges credentials from the phone while checking in and locking down the device.

Is this using Apple’s iCloud?

The AutoFill system will be immediately familiar to many of your users. However Imprivata’s implementation does not require iCloud nor an Apple ID. All credentials are based within the Imprivata appliance already in place at most hospitals.

How do I configure Password AutoFill on my devices?

Password AutoFill requires Mobile Access Management Check Out and the integration with Imprivata Enterprise Access Management (formerly Imprivata OneSign).

In the MAM admin console, there are settings for two-factor authentication and keyboard type. In EAM, you’ll load profiles for each app and website, and deploy these to your user groups.

On each device, after initial provisioning, you’ll enable AutoFill by opening Settings > Passwords > AutoFill Passwords, and then select the Imprivata Locker app. If you erase your devices, you’ll need to repeat this step. If the setting is disabled, the Locker app will remind your users during Check Out.

Is Two-Factor Authentication (2FA) supported?

2FA is supported for Password AutoFill. It’s determined by EAM’s User Policy settings, including any applicable grace period set in EAM. Users are challenged to enter either their Imprivata PIN or domain plus EAM password before the first Password AutoFill event.

What apps and web sites will AutoFill?

Imprivata is leveraging Apple’s built-in AutoFill functionality. This feature works with most apps and nearly all websites. For a list of currently tested apps that support AutoFill, visit this page. You can use our Autofill Discovery app to validate if your applications support Password AutoFill.

Can I AutoFill without Imprivata Enterprise Access Management?

No. The implementation uses Imprivata Enterprise Access Management as the identity provider (IdP).

Any Imprivata Enterprise Access Management version requirements?

All currently maintained versions of Imprivata Enterprise Access Management are supported. Your EAM administrator will load and deploy profiles for each iOS app and website. The mobile devices using AutoFill must have access to the same network as the Imprivata appliance.

Can users update their application credentials on iOS?

Not today. Users will need to update and maintain their passwords on a computer running the Imprivata agent. Similarly, a computer with Imprivata agent is required to enroll new users.

Any logout capabilities?

Password AutoFill provides only login. Separately, Mobile Access Management supports several ways to log out of apps, including Universal Link Callbacks. These methods require support from the app’s developers.