NHS Spine Support for Imprivata ProveID Embedded

Support for Spine applications reduces the time users must wait when re–authenticating to those applications during their shift.

After users authenticate for the first time, the appliance manages subsequent Spine authentication requests. Delegating the requests to the appliance removes the delays associated with network factors, such as load and latency, that can exist between your enterprise and the Spine.

This topic details how to enable support for NHS Spine applications that are accessed on a published desktop from Imprivata ProveID Embedded endpoints. Imprivata ProveID Embedded supports the Imprivata Spine Combined Workflow on the following published desktops:

  • VMWare View Desktop

  • Citrix XenDesktop

  • Citrix XenApp

Before You Begin

Familiarize yourself with the expected end user workflow, requirements, and supported authentication methods.

Configuring NHS Spine Support for Imprivata ProveID Embedded

Complete the following steps to enabled NHS Spine support.

Manage Access for Endpoint Authentication USB Devices

The following sections detail the types of USB redirection used to redirect authentication devices to the published resources.

Reporting Spine User Activity

The Spine Combined Workflow report provides information about users and the authentication events related to their Enterprise Access Management Spine session, including:

  • When Enterprise Access Management created a Spine session on behalf of an authenticated user.
  • The number of times that the Spine session was used to re-authenticate the user.
  • The number of times the Spine session was not used to re-authenticate the user because the two–factor authentication requirement was not met.
  • When an Administrator deleted a Spine session of an authenticated user.

NOTE: For more information about creating a report, see Using Reporting Tools.

Managing a Spine Session

After a user authenticates for the first time, the Enterprise Access Management grace period duration determines how long the appliance manages subsequent Spine authentication requests.

There are times, however, when the persisted session and its grace period must be deleted or reset.

Modified Registry Settings

Enabling Spine support modifies, if necessary, the following NHS Digital Identity Agent registry settings:

  • CardRemovalCheck

    Default value: true

    Modified value: false

  • SessionLockPersistence_Enabled

    Default value: false

    Modified value: false

  • IdleWaitPeriodInSeconds

    Default value: 1800

    Modified value: 36000

NOTE: For more information about these registry settings, see the HSCIC Identity Agent Administrators Guide.