Integrate Imprivata OneSign

Our Check Out feature requires customers to connect to a web service to handle the translation of badge IDs to user IDs. This document describes how to integrate with Imprivata OneSign for identity lookup. If you don’t have Imprivata OneSign, you may use a custom identity lookup service, described in a separate article.

Prerequisites
  • You must use Launchpad 4.9.3 or greater for this functionality.
  • You’ll need to have followed the Check Out setup instructions in this guide, and Check Out must be working with our built-in GroundControl User Service.
  • Your proximity badge readers need to be configured to preserve parity bits, which is not the factory default. The Imprivata Access tool and OneSign Agent perform this operation automatically, so you can use any proximity badge reader that was previously used with Imprivata OneSign. You can also use GroundControl to change the configuration for use with OneSign; instructions are included below.

OneSign Set Up

1. Log into the OneSign appliance administrator console

GroundControl Setup

1. In Admin > Check Out, change Identity Web Service to Custom

2. A dialog appears to allow you to enter the URL of the ProveID service. This will be in the form:

https://38.111.62.35/sso/ProveIDWeb/v1/AuthUser

Use the IP address or hostname of your OneSign appliance. You must use https.

3. Enter additional options to enable the Imprivata integration.

To enable the integration for all Launchpads, copy and paste the following code to Admin > Launchpads > Custom Launchpad Options:

ProxCardWebFormat: ProveID
ProxCardImprivataProductID: "74a973cb-b155-428b-8ffc-e0a6a9a9694f"
ProxCardWebCA: DISABLE

Or, to enable the integration for a single Launchpad only, you may add the code above to Launchpad > (select a Launchpad) > Options.

Note, if you wish to troubleshoot, add this option as well:

ModuleLogLevel: { pcProx: Spew, "Checkout HTTP": Spew }

4. Quit and relaunch the testing Launchpad app for the changes to take effect.

Imprivata Attributes Setup

After you’ve completed either option above, the next steps are:

5. Create two new attributes in Admin > Attributes > Device Attributes:

  • Imprivata Display Name: This attribute will be populated with the full name of the checkout user, which you can display on the wallpaper, the Locker app unlock screen, etc.
  • Imprivata Domain: This attribute will be populated with the domain name of the checkout user.

In addition, the following attribute is built in and available for your use:

  • Device User: This attribute will be populated with the Active Directory user ID of the checkout user.

6. In your “Check In” workflow, add the Set Attribute action to clear the two new attributes.

You may now test the system using one of your ID badges.

Proximity Card Reader Configuration

To configure proximity card readers for compatibility with OneSign, follow the steps below. Today, this action can only be performed per Launchpad; in the future we’ll include support for configuring badge readers in bulk.

1. Navigate to the Launchpads tab and select your Launchpad

2. Click on Launchpad Actions > Configure Badge Reader…

3. Select Imprivata Default and click Apply.
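
Why the parity-bit setting matters, as an added example that is not part of the original guide or of GroundControl's or Imprivata's code: it assumes a standard 26-bit Wiegand (H10301) card, which the guide does not specify, and models the reader as reporting either the full frame or only the 24 data bits. The same badge yields two different numeric IDs, so a reader that strips parity will not match an ID enrolled through a parity-preserving reader.

```python
# Added example. Assumption: 26-bit Wiegand (H10301) layout; the guide does
# not say which card format is in use. All function names are hypothetical.

def _halves(frame: int) -> tuple[int, int]:
    """Split the 24 data bits of a 26-bit frame into two 12-bit halves."""
    data = (frame >> 1) & 0xFFFFFF
    return data >> 12, data & 0xFFF

def encode_h10301(facility: int, card: int) -> int:
    """Frame = even parity | 8-bit facility | 16-bit card number | odd parity."""
    if not (0 <= facility < 2**8 and 0 <= card < 2**16):
        raise ValueError("facility must fit 8 bits, card number 16 bits")
    data = (facility << 16) | card
    upper, lower = data >> 12, data & 0xFFF
    even = bin(upper).count("1") % 2        # upper half plus this bit is even
    odd = 1 - bin(lower).count("1") % 2     # lower half plus this bit is odd
    return (even << 25) | (data << 1) | odd

def parity_ok(frame: int) -> bool:
    """Check both parity bits, as a consumer of the preserved frame can."""
    upper, lower = _halves(frame)
    even_ok = (bin(upper).count("1") + ((frame >> 25) & 1)) % 2 == 0
    odd_ok = (bin(lower).count("1") + (frame & 1)) % 2 == 1
    return even_ok and odd_ok

def reader_output(frame: int, preserve_parity: bool) -> int:
    """ID the reader reports: all 26 bits, or only the 24 data bits."""
    return frame if preserve_parity else (frame >> 1) & 0xFFFFFF

# Constructed sample badge, not a real credential.
FRAME = encode_h10301(facility=42, card=12345)
WITH_PARITY = reader_output(FRAME, preserve_parity=True)
STRIPPED = reader_output(FRAME, preserve_parity=False)

if __name__ == "__main__":
    print(f"parity preserved: {WITH_PARITY}")
    print(f"parity stripped:  {STRIPPED}")
    print(f"frame passes parity check: {parity_ok(FRAME)}")
```

When a lookup fails for a badge that is known to be enrolled, comparing the ID logged by the reader against both forms is a quick way to tell a reader-configuration mismatch from a missing enrollment.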
