Configure App Logout Actions

Some apps require logout only through force stopping. In the field, customers have encountered issues when terminating certain applications that require clearing the cache, and force stop to make sure the application was correctly terminated and ready for the next user.

Imprivata MDA supports the combination of these two actions for logout. Epic Rover1, in particular, benefits from the ability to clear the cache and force stop the application.

Configure Imprivata MDA to allow it to run specific logout actions or different logout methods for the same app. The AppConfig logout feature can be used to configure specific app logout without creating an Imprivata appliance profile for the app.

NOTE:

This feature is configured via the AppConfig using an MDM. It does not require a profile creation and deployment in Imprivata OneSign.

See the Imprivata MDA AppConfig Reference for supported MDM AppConfig keys.

Prerequisites

Take note of the following prerequisites:

  • Requires Imprivata MDA 7.11 or later.

Limitations

  • Imprivata MDA cannot disable or override logout methods for specific apps. Imprivata MDA just adds more logout operations to the sequence.

  • Microsoft Intune with Managed Home Screen currently does not support clear cache or force stop for logout.

Configure the MDM AppConfig

The logout actions are defined in the MDM AppConfig. For additional information on configuring apps via AppConfig, see your MDM documentation.

See the Imprivata MDA AppConfig Reference for supported MDM AppConfig keys.

To enable the logout actions, add the following key:

  • ConfigFlags - Allows logout actions in Imprivata MDA.

    The AppConfig Configuration Key field for this feature is "ConfigFlags".

    • The AppConfig Value Type for this feature is "String".

    • The AppConfig Value is com.package.name:forceStop|clearCache|clearData

      where

      the supported logout methods are: forceStop, clearCache, clearData.

      There is no limitation to the quantity or order of this kind of flag.

      • The logout methods can be placed together for the same package, for example: com.package.name:forceStop|clearCache

        or

      • the logout methods can be placed separately, for example: com.package.name:forceStop, ... ,com.package.name:clearCache.

      NOTE:

      There is no duplication management, so if the packages with logout methods are placed multiple times, Imprivata MDA will run logout the same number of times in the same order as they were placed.

Example — Epic Rover App

For a deployed Epic Rover app profile with forceStop as the logout method, with the following combination of the ConfigFlags values:

...,com.microsoft.teams:clearCache|forceStop, com.epic.rover:clearData, com.microsoft.teams:forceStop,....

it results in the following logout operation sequence:

  1. Imprivata MDA triggers the force stop for Epic Rover.

  2. Clears the cache for the Teams app.

  3. Force stops the Teams app.

  4. Clears all data for Epic Rover.

  5. Force stops the Teams app again.