Mobile Access Management integrates with Epic Rover for simplified login and logout of users on shared devices.
- The Imprivata Locker app allows users to easily check out a device, quickly access Rover with Password AutoFill, then have their data securely removed during check in.
- Users can set a personalized device PIN during checkout to encrypt and secure all apps on the device. This allows users to repeatedly access the whole device and alleviates the need for frequent re-authentication in Rover.
The PIN is automatically removed and Rover data cleared when the device is returned.
Configure Epic Rover
When configured for username and password authentication, Epic Rover works seamlessly with Password Autofill. Mobile Access Management can even check that Rover is successfully installed when provisioning iOS devices to ensure they are ready to be checked out.
Requirements
On iOS, Mobile Access Management requires disabling the local Keychain when enabling Password AutoFill from the Imprivata Locker iOS app. Epic admins can define the Rover user experience and set environment specific configurations in the Rover app using a managed AppConfig delivered by the MDM.
IMPORTANT: For Password AutoFill to work on Epic Rover version 10.4.1 or later, Epic admins must configure the setting LOGIN.ENABLE_AUTOFILL to Yes.
For detailed Rover configuration options and instructions, Imprivata recommends working directly with Epic.
Configure Imprivata OneSign for Rover Password Autofill
Enterprise Password Autofill with the Imprivata Locker app uses profiles in Imprivata Enterprise Access Management (formerly Imprivata OneSign) to allow users to select from a list of securely stored credentials when logging into apps. Apps with associated domains like Rover also support 1 tap autofill for an even faster login. For the best user experience, the Rover profile should be configured to prompt for 1 tap autofill using the iOS quicktype keyboard. An example profile is provided.
For more information, see Create Imprivata OneSign Profiles.
IMPORTANT: Setting the nm=”epic.com” allows users to use 1 tap autofill and does not require the user to select from a list of credentials.
Logout
Mobile Access Management supports logout of Epic Rover by force quitting the app to clear the current user session. For iOS, select the ‘Epic Rover’ entry in the Check In action app list to force quit Epic Rover during a check in. Epic Rover will be logged out, and on the next check out will prompt the next user to log in. This supported logout method affects the device only, and does not communicate the logout to the Epic environment.
MAM also supports an enhanced Epic API driven logout method that requires additional configuration. For more information, see Configure Enhanced Epic Rover Logout.