Deploy Imprivata MDA via your MDM

Download the Imprivata MDA app from the Google Playstore and distribute it to your mobile devices using Mobile Device Management (MDM) software. Your implementation of Imprivata MDA must be configured for the MDM that you are using.

See the Imprivata MDA AppConfig Reference for supported MDM AppConfig keys.

Select one of the MDM providers below:

Installing with an MDM

NOTE:

After development, some or all of the steps may be required.

  1. From the mobile device, open Imprivata MDA.

  2. If Imprivata MDA cannot obtain the device ID, either allow one–time access or generate a random ID.

    A device ID is required to report on login and device activity.

  3. Follow the prompts to activate the Accessibility Service.

  4. If required, follow the prompts to enable the following:

    • Optional—Give Imprivata MDA full control of the device.

      Allowing full control is appropriate for apps that assist with accessibility needs.

    • RequiredPermit drawing over other apps or the respective permission.

      For example, this permission may also be referred to as Enable Overlay of other apps.

    • RequiredEnable Read notifications.

    • Required—Give Imprivata MDA access to notifications.

      Allowing access lets users interact with app notifications. You specify the applications whose push notifications are allowed in the Customization section of the mobile policy.

The login screen appears when you have configured all of the required permissions.

Manually Configuring a Connection to the Imprivata Appliance

Imprivata MDA must be configured with the IP address of an Imprivata appliance.

If you installed Imprivata Mobile Device Access to a single device manually or were unable to configure the IP address of an Imprivata appliance using an MDM, complete the following.

To configure the connection manually:

  1. Tap the Imprivata lock screen 10 times quickly.

  2. Enter the IP address or domain name of an Imprivata appliance in Server IP.

Configuring the Display of Device Information on Authentication Screens

Configure Imprivata Mobile Device Access to display identifying device information on the badge tap screen and the credentials entry screen. This allows users to distinguish between devices used for different workflows and assists admins in identifying device names for troubleshooting.

To configure the display of device information:

The display of device information is configured by the MDM AppConfig.

  • The AppConfig Configuration Key field for this feature is "DeviceInfoPattern".

  • The AppConfig Value Type for this feature is "String".

  • The AppConfig Value is a comma-separated list of one or more of the following variables:

    • $AndroidVersion

    • $AndroidShortVersion

    • $DeviceName

      The variables above can be combined with a customized text string you wish to display to identify the device.

      Example:

      This is $DeviceName, $AndroidShortVersion

      Results in:

      This is Galaxy Note 5, A11

To enable the display of device information on authentication screens in Workspace ONE:

  1. In the Workspace ONE UEM console, click Apps & Books > Applications > Details View and click Assignment. Select the assignment group.

  2. Click Application Configuration and click Add.

  3. Set up the app configuration with the following:

    1. In the Configuration Key field, enter DeviceInfoPattern.

    2. In the Value Type, select String.

    3. In the Configuration Type, enter a comma-separated list of device variables.

      For example:

      $AndroidVersion, $AndroidShortVersion, $DeviceName

Enabling Landscape Mode

Enable Imprivata Mobile Device Access to change the mobile device's orientation from portrait to landscape mode, especially on tablets. The landscape orientation applies to the authentication screen, the settings page, password management tools and overlays.

To enable, the administrator must inform Imprivata Mobile Device Access of which mobile device models should deploy in landscape mode. This is done with a configuration key value and AppConfig.

For additional information on configuring apps via AppConfig, see your MDM documentation.

To enable landscape mode in Workspace ONE:

  1. In the Workspace ONE UEM console, click Apps & Books > Applications > Details View and click Assignment. Select the assignment group.

  2. Click Application Configuration and click Add.

  3. Set up the app configuration with the following:

    1. In the Configuration Key field, enter LandscapeDevices.

    2. In the Value Type, select String.

    3. In the Configuration Type, enter a comma-separated list of mobile device model numbers.

      For example:

      Versity 9540, SM-G95OU1, Pixel 4

      Device numbers can be found in Android settings, but may depend on the device vendor and Android version.

Enabling Admin Access Code

If there is no connection to the Imprivata appliance and guest mode is not enabled, then there is no way to access the device to troubleshoot the device.

When Imprivata Mobile Device Access is deployed with an admin access code, an administrator will have a way to bypass the Imprivata Mobile Device Access lock screen whether or not they are connected to the Imprivata appliance.

NOTE:

When an administrator accesses the device via this feature, the previous users are logged out before access is granted.

To configure the Admin Access Code:

The Admin Access Code is configured by the MDM AppConfig. There is no manual toggle for this feature.

  • The AppConfig Configuration Key field for this feature is "AdminAccessCode".

  • The AppConfig Value Type for this feature is "String".

  • Admin passcode requires a minimum of 8 characters.

To enable landscape mode in Workspace ONE:

  1. In the Workspace ONE UEM console, click Apps & Books > Applications > Details View and click Assignment. Select the assignment group.

  2. Click Application Configuration and click Add.

  3. Set up the app configuration with the following:

    1. In the Configuration Key field, enter AdminAccessCode.

    2. In the Value Type, select String.

    3. In the Configuration Value, enter the passcode for Admin Access.

To access the device using the Admin Access Code:

  1. Tap the device lock screen ten (10) times quickly to access the settings page.

  2. Click Admin Access.

  3. To continue, enter the code into the dialog.