Implementation, Maintenance, and Best Practices – Components

Implementation Guide

NOTE: Use the information in this guide in conjunction with the system requirements.

The Imprivata Mobile Access Management (formerly GroundControl) solution integrates multiple first-party and related components:

  • MAM Console
  • your MDM system
  • Imprivata Enterprise Access Management (Imprivata OneSign)
  • MAM Launchpad on Mac or Windows computer
  • Smart Hubs
  • proximity card readers
  • iOS and Android devices
  • the Imprivata Locker app for iOS and Android
  • Wi-Fi and network

MAM Console

Imprivata Mobile Access Management is a hybrid system with a cloud-based SaaS management console.

By default, MAM uses a traditional username and password for login. Imprivata recommends that you instead opt for SAML login, which reduces risk by keeping no passwords within the MAM cloud. Your organization is then able to enforce all authentication requirements. SAML is available for both shared and dedicated environments. To set up SAML, see Configure SAML.

The MAM console requires each console administrator to be assigned a role. Review the role documentation to select the most appropriate role for each of your administrators.

MDMs


A well-configured mobile device management (MDM) system is critical for MAM to work as expected.

For information on supported MDMs, see the system requirements and MDMs.

Imprivata Enterprise Access Management (Imprivata OneSign)


MAM’s Check Out feature requires customers to integrate with Imprivata Enterprise Access Management as the web service to handle the translation of badge IDs to user IDs.

For more information, see Integrate Imprivata Enterprise Access Management.

Equipment at Each Location

MAM requires equipment at each location where you will store devices. This includes a Launchpad Mac or Windows computer, a proximity badge reader, and a Smart Hub.

Launchpad Mac or Windows Computer

The Mobile Access Management Launchpad software for Mac or Windows computers receives instructions from the MAM Server in the cloud, and reacts to device connections and proximity card taps.

  • Each location with devices requires its own Mac or Windows computer. The computer must meet all system and networking requirements.
  • Ensure your Launchpad computers are completely standard, using the same model, same Smart Hub, same USB cables, same mobile device models, and even the same cases. Differences in configuration will guarantee future headaches.
  • Smart Hubs must always be connected directly to the Launchpad computer.
  • For best performance, MAM requires a 1 to 1 connection between the Launchpad and the Smart Hub:
    • MAM does not support the daisy-chaining of hubs.
    • MAM does not support connecting more than one Smart Hub to a single Launchpad.
  • The Launchpad computers require a stable 24 × 7 network connection via Ethernet.
  • Hot Spot functionality should be turned off on Windows computers that host the Launchpad software because it can cause network connectivity issues. For more information, see “MDM Restriction Profile” in Recommended Settings for Clinical Devices.
  • To scale for expansion, you should prepare your installation process. Imprivata supports automated Launchpad installation and registration, using systems such as UEM, SCCM, and Jamf Pro.

Set Up Launchpad Computers for Unattended Use

Whether you choose a Mac or a Windows computer, the system must be set up for unattended use.

Imprivata requires that each Launchpad computer is a headless system, with no display, mouse or keyboard. Users should not be logging into these computers for any other purpose.

For more information, see the system requirements and Configure Unattended Launchpads.

Launchpad and Smart Hub Monitoring

Launchpad computers and Smart Hubs are expected to be running 24 hours a day. The Launchpad Monitoring feature will help maintain that availability. Ensure the following:

  • Turn on Launchpad monitoring and configure the alerts to provide a notification to supporting groups in your organization.
    • Define a group of admins to receive the Launchpad alerts.
    • Set the notifications to notify admins 15 minutes after a Launchpad disconnects, and 15 minutes after a Smart Hub disconnects.
  • Restart monitored Launchpads daily. Set the restart to 4 AM daily, or consider your organization’s shift change schedule and specify a quiet time.

In the MAM console, go to Admin > Launchpads > Launchpad Monitoring. For more information, see Launchpad Monitoring.

Smart Hubs

The Smart Hub is a critical infrastructure component. Imprivata sells specific models that it has tested and that function reliably in demanding environments.

For more information on supported Bretford and Datamation Smart Hubs, see the system requirements.

BEST PRACTICE: Bretford and Cambrionix Smart Hubs have upgradable firmware. Install the most current supported firmware, which will ensure you have support for current mobile devices. MAM reports the Smart Hub firmware version in the Launchpad view.

Proximity Card Readers

Each Launchpad computer used for Check Out workflows requires a proximity card reader.

  • Only certain proximity card readers are supported. See the system requirements.
  • Plug the proximity card reader into an Imprivata Enterprise Access Management workstation for configuration and then unplug it. Repeat the process for all proximity card readers.
  • Affix proximity card readers consistently using interlocking tape in locations that are easily accessible to end users, ensuring proper cable management to minimize the risk of tangled or obstructed cords.

Mobile Devices

iOS and Android devices must be running a supported operating system version. iPhones and iPads are supported as DEP and non-DEP devices.

Imprivata Locker App for iOS and Android

The Imprivata Locker app manages device sign in and out, and locks down the device between users. The Imprivata Locker app is required for Check Out customers and must be installed by your MDM solution.

For more information, see Imprivata Locker App.

Device Cases

  • Imprivata recommends simple silicone cases.
  • Imprivata does not support battery cases with data passthroughs.

Device Cleaning

For device cleaning recommendations, see your device manufacturer’s recommendations and consult your organization’s infection control best practices.

Wi-Fi and Network

For information on Wi-Fi and network requirements, see the system requirements.

Change History

Date            Version  Description
September 2024  4.0      Add "Utilizing the Dashboard" section
September 2024  3.0      Update "Maintenance" section; add "Certificates" section to Maintenance
July 2024       2.0      Add new sections for "Before You Begin — Strategy"; remove the "Audience" section; update the "User Experience" section to "Settings"; add new section for "Deployment"
June 2024       1.0      Initial release of the guide