NOTE: This article applies to iOS devices only.
What is Enterprise Password AutoFill?
Check Out is integrated with Imprivata Enterprise Access Management (formerly Imprivata OneSign) to support Password AutoFill for iOS applications and websites. After checking out an iOS device to a user, the system makes a user’s credentials available to them when needed through Apple’s Enterprise Password AutoFill framework.
For most apps, users tap the Passwords button above the keyboard. This displays a list of application credentials that will be automatically typed for the user.
Web sites and apps with an associated domain are even easier and include the correct user credentials as part of the keyboard layout. An associated domain can only be enabled by the app’s vendor, and not Imprivata.
At the end of a shift, Imprivata Mobile Access Management purges credentials from the phone while checking in and locking down the device.
Is this using Apple’s iCloud?
The AutoFill system will be immediately familiar to many of your users. However, Imprivata’s implementation does not require iCloud nor an Apple ID. All credentials are based within the Imprivata appliance already in place at most hospitals.
How do I configure Password AutoFill on my devices?
Password AutoFill requires MAM Check Out and Imprivata Enterprise Access Management. In the MAM server console, there are settings for two-factor authentication and keyboard type. In EAM, you’ll load profiles for each app and website and deploy these to your user groups.
On each device, after initial provisioning, you’ll enable AutoFill by opening Settings > Passwords > AutoFill Passwords, and then select the Imprivata Locker app. If you erase or Self Heal your devices, you’ll need to repeat this step. If disabled, Locker will remind your users during Check Out.
Is Two-Factor Authentication (2FA) supported?
2FA is supported for Password AutoFill. It’s determined by EAM’s User Policy settings, including any applicable grace period set in EAM. Users are challenged to enter either their Imprivata PIN or domain/EAM Password before the first Password AutoFill event.
What apps and web sites will AutoFill?
Imprivata is leveraging Apple’s built-in AutoFill functionality. This feature works with most apps and nearly all websites. For a list of currently tested apps that support AutoFill, visit this page. You can use our Autofill Discovery app to validate if your applications support Password AutoFill.
Can I AutoFill without Imprivata Enterprise Access Management?
No. Our implementation uses Imprivata Enterprise Access Management as the identity provider.
Are there any Imprivata Enterprise Access Management release requirements?
All currently maintained releases of Imprivata Enterprise Access Management are supported. As on other platforms, your EAM administrator will load and deploy profiles for each iOS app and website. The mobile devices using AutoFill must have access to the same network as the Imprivata appliance.
Can users update their application credentials on iOS?
Not today. Users will need to update and maintain their passwords on a computer running the Imprivata agent. Similarly, a computer with the Imprivata agent is required to enroll new users.
Any logout capabilities?
Password AutoFill provides only login. Separately, Mobile Access Management supports several ways to log out of apps, including Universal Link Callbacks. These methods require support from the app’s developers.