What is Password AutoFill?
We are integrating GroundControl Check Out with Imprivata OneSign. After checking out an iPhone to a user, the system will make a user’s credentials available to them when needed through Apple’s AutoFill framework on the phone.
For most apps, users will tap the “Passwords” button above the keyboard. This will present a list of application credentials that will be automatically typed for the user.
Web sites and apps with an associated domain are even easier, and include the correct user credentials as part of the keyboard layout. An associated domain can only be enabled by the app’s vendor, and not Imprivata.
At the end of a shift, GroundControl purges credentials from the phone while checking in and locking down the device.
How do I configure Password AutoFill on my devices?
Password AutoFill requires GroundControl Check Out and OneSign. In the GroundControl server console, there are settings for 2FA type (Imprivata PIN or Password) and keyboard type (numeric or alphanumeric). In OneSign, you’ll load profiles for each app and web site, and deploy these to your user groups.
On each device, after initial provisioning, you’ll enable AutoFill by opening Settings > Passwords > AutoFill Passwords, and then select the “Locker” app. If you erase or Self Heal your devices, you’ll need to repeat this step. If disabled, Locker will remind your users during Check Out.
Is Two-Factor Authentication (2FA) supported?
2FA will be supported and required for Password AutoFill. Users are challenged to enter their Imprivata PIN or OneSign Password before the first Password AutoFill event.
When will it ship? When is it testable?
We expect to ship Password AutoFill with GroundControl 5.0, at the end of July 2021. We are aiming to have testing available before then.
What apps and web sites will AutoFill?
Imprivata is leveraging Apple’s built-in AutoFill functionality. This feature works with most apps and nearly all websites. We will make available a validation tool to check compatibility.
Can I AutoFill without OneSign?
No. Our implementation uses OneSign as the identity provider.
Any OneSign version requirements?
Imprivata OneSign 6.3 and later are supported. As on other platforms, your OneSign administrator will load and deploy profiles for each iOS app and website. The mobile devices using AutoFill must have access to the same network as the OneSign appliance.
Any logout capabilities?
Password AutoFill provides only login. Separately, GroundControl supports several ways to log out of apps, including Universal Link Callbacks. These methods require support from the app’s developers.