NOTE: Use the information in this guide in conjunction with the system requirements.
The Imprivata Mobile Access Management (formerly GroundControl) solution integrates multiple first-party and related components:
- MAM Console
- your MDM system
- Imprivata Enterprise Access Management (Imprivata OneSign)
- MAM Launchpad on Mac or Windows computer
- Smart Hubs
- proximity card readers
- iOS and Android devices
- the Imprivata Locker app for iOS and Android
- Wi-Fi and network
MAM Console
Imprivata Mobile Access Management is a hybrid system with a cloud-based SaaS management console.
By default, MAM uses a traditional username and password for login. Imprivata recommends that you instead opt for SAML login, which reduces risk by keeping no passwords within the MAM cloud. Your organization is then able to enforce all authentication requirements. SAML is available for both shared and dedicated environments. To set up SAML, see Configure SAML.
The MAM console requires each console administrator to be assigned a role. Review the role documentation to select the most appropriate role for each of your administrators.
MDMs
A well-configured mobile device management (MDM) system is critical for MAM to work as expected.
For information on supported MDMs, see the system requirements and MDMs.
Imprivata Enterprise Access Management (Imprivata OneSign)
MAM‘s Check Out feature requires customers to integrate with Imprivata OneSign as the web service to handle the translation of badge IDs to user IDs.
For more information, see Integrate Imprivata OneSign.
Equipment at Each Location
MAM requires equipment at each location where you will store devices. This includes a Launchpad Mac or Windows computer, a proximity badge reader, and a Smart Hub.
Launchpad Mac or Windows Computer
The Mobile Access Management Launchpad software for Mac or Windows computers receives instructions from the MAM Server in the cloud, and reacts to device connections and proximity card taps.
- Each location with devices requires its own Mac or Windows computer. The computer must meet all system and networking requirements.
- Ensure your Launchpad computers are completely standard, using the same model, same Smart Hub, same USB cables, same mobile device models, and even the same cases. Differences in configuration will guarantee future headaches.
- Smart Hubs must always be connected directly to the Launchpad computer; MAM does not support the connecting of Smart Hubs in series (daisy-chaining).
- MAM Launchpad computers only support concurrent connections to Smart Hubs of the same manufacturer.
- The Launchpad computers must have a stable 24 × 7 network connection via Ethernet
- To scale for expansion, you should prepare your installation process. Imprivata supports automated Launchpad installation and registration, using systems such as UEM, SCCM, and Jamf Pro.
Set Up Launchpad Computers for Unattended Use
Whether you choose Mac or Windows computer, the systems must be set up for unattended use.
Imprivata requires that each Launchpad computer is a headless system, with no display, mouse or keyboard. Users should not be logging into these computers for any other purpose.
For more information, see the system requirements and this Configure Unattended Launchpads.
Launchpad and Smart Hub Monitoring
Launchpad computers and Smart Hubs are expected to be running 24 hours a day. The Launchpad Monitoring feature will help maintain that availability. Ensure the following:
- Turn on Launchpad monitoring and configure the alerts to provide a notification to supporting groups in your organization.
- Define a group of admins to receive the Launchpad alerts.
- Set the notifications to notify admins 15 minutes after a Launchpad disconnects, and 15 minutes after a Smart Hub disconnects.
- Restart monitored Launchpads daily – set to 4 AM daily or consider your organization’s shift change schedule and specify a quiet time.
In the MAM console, go to Admin > Launchpads > Launchpad Monitoring. For more information, see Launchpad Monitoring.
Smart Hubs
The Smart Hub is a critical infrastructure component. Imprivata sells specific models that we have tested and which function reliably for demanding environments.
For more information on supported Bretford and Datamation Smart Hubs, see the system requirements.
BEST PRACTICE: Bretford and Cambrionix Smart Hubs have upgradable firmware. Install the most current supported firmware, which will ensure you have support for current mobile devices. MAM reports the Smart Hub firmware version in the Launchpad view.
Proximity Card Readers
Each Launchpad computer used for Check Out workflows requires a proximity card reader.
- Only certain proximity card readers are supported. See the system requirements.
- Plug the proximity card reader into an Imprivata OneSign workstation for configuration and then unplug it. Repeat the process for all proximity card readers.
- Affix proximity card readers consistently using interlocking tape in locations that are easily accessible to end users, ensuring proper cable management to minimize the risk of tangled or obstructed cords.
Mobile Devices
iOS and Android devices must be running a supported operating system version. iPhones and iPads are supported as DEP and non-DEP devices.
Imprivata Locker App for iOS and Android
The Imprivata Locker app manages device sign in and out, and locks down the device between users. The Imprivata Locker app is required for Check Out customers and must be installed by your MDM solution.
For more information, see Imprivata Locker App.
Device Cases
- Imprivata recommends simple silicon cases.
- Imprivata does not support battery cases with data passthroughs.
Device Cleaning
For device cleaning recommendations, see your device manufacturer’s recommendations and consult your organization’s infection control best practices.
Wi-Fi and Network
For information on Wi-Fi and network requirements, see the system requirements.
Change History
| Date | Version | Description |
|---|---|---|
| July 2024 | 2.0 | Add new sections for "Before You Begin — Strategy". Remove the "Audience" section. Update the "User Experience" section to "Settings" Add new section for "Deployment" |
| June 2024 | 1.0 | Initial release of the guide |