Enterprise Password AutoFill FAQ

Created: Modified: Knowledge Base

What is Enterprise Password AutoFill?

Imprivata GroundControl Check Out is now integrated with Imprivata OneSign to support Password AutoFill for iOS applications and web sites. After checking out an iPhone to a user, the system will make a user’s credentials available to them when needed through Apple’s Password AutoFill framework.

For most apps, users will tap the “Passwords” button above the keyboard. This will present a list of application credentials that will be automatically typed for the user.

Web sites and apps with an associated domain are even easier, and include the correct user credentials as part of the keyboard layout. An associated domain can only be enabled by the app’s vendor, and not Imprivata.

At the end of a shift, GroundControl purges credentials from the phone while checking in and locking down the device.

Is this using Apple’s iCloud?

The AutoFill system will be immediately familiar to many of your users. However Imprivata’s implementation does not require iCloud nor an Apple ID. All credentials are based within the Imprivata OneSign appliance already in place at most hospitals.

How do I configure Password AutoFill on my devices?

Password AutoFill requires GroundControl Check Out and Imprivata OneSign. In the GroundControl server console, there are settings for two-factor authentication and keyboard type. In OneSign, you’ll load profiles for each app and web site, and deploy these to your user groups.

On each device, after initial provisioning, you’ll enable AutoFill by opening Settings > Passwords > AutoFill Passwords, and then select the “Locker” app. If you erase or Self Heal your devices, you’ll need to repeat this step. If disabled, Locker will remind your users during Check Out.


Is Two-Factor Authentication (2FA) supported?

2FA is supported for Password AutoFill. It’s determined by OneSign’s User Policy settings, including any applicable grace period set in OneSign. Users are challenged to enter either their Imprivata PIN or domain/OneSign Password before the first Password AutoFill event.

When will it ship?

Password AutoFill is part of GroundControl 5.0, which was released July 27, 2021.

What apps and web sites will AutoFill?

Imprivata is leveraging Apple’s built-in AutoFill functionality. This feature works with most apps and nearly all websites. For a list of currently tested apps that support AutoFill, visit this page. You can use our Autofill Discovery app to validate if your applications support Password AutoFill.

Can I AutoFill without OneSign?

No. Our implementation uses OneSign as the identity provider.

Any OneSign version requirements?

All currently maintained versions of OneSign are supported. As on other platforms, your OneSign administrator will load and deploy profiles for each iOS app and website. The mobile devices using AutoFill must have access to the same network as the OneSign appliance.

Can users update their application credentials on iOS? 

Not today. Users will need to update and maintain their passwords via a PC with OneSign agent. Similarly, a PC with OneSign agent is required to enroll new users.

Any logout capabilities?

Password AutoFill provides only login. Separately, GroundControl supports several ways to log out of apps, including Universal Link Callbacks. These methods require support from the app’s developers.