Epic Rover and GroundControl

Created: Modified: Knowledge Base

GroundControl integrates with Epic Rover for simplified login and logout of users on shared devices. The Imprivata Locker app allows users to easily check out a device, quickly access Rover with Password AutoFill, then have their data securely removed during check in. Users can set a personalized device PIN during checkout to encrypt and secure all apps on the device. This allows users to repeatedly access the whole device and alleviates the need for frequent re-authentication in Rover. The PIN is automatically removed and Rover data cleared when the device is returned.  

Configure Epic Rover 

When configured for username and password authentication, Epic Rover works seamlessly with Password Autofill. GroundControl can even check that Rover is successfully installed when provisioning iOS devices to ensure they are ready to be checked out.


On iOS, GroundControl requires disabling the local Keychain when enabling Password AutoFill from the Imprivata Locker iOS app. Epic admins can define the Rover user experience and set environment specific configurations in the Rover app using a managed AppConfig delivered by the MDM.  

IMPORTANT: For Password AutoFill to work on Epic Rover version 10.4.1 or later, Epic admins must configure the setting LOGIN.ENABLE_AUTOFILL to Yes. 

For detailed Rover configuration options and instructions, Imprivata recommends working directly with Epic.  

Configure Imprivata OneSign for Rover Password Autofill

Enterprise Password Autofill with the Imprivata Locker app uses profiles in Imprivata OneSign to allow users to select from a list of securely stored credentials when logging into apps. Apps with associated domains like Rover also support 1 tap autofill for an even faster login. For the best user experience, the Rover profile should be configured to prompt for 1 tap autofill using the iOS quicktype keyboard. An example profile is provided.

For more information, see Create Imprivata OneSign Profiles. 

    <global verCreate="6.0" verLastMod="6.0"/> 
       <app nm="epic.com" desc="Epic Rover" profileType="2" appType="0"> 
            <env type="200" nm="iOS"> 
                <scn nm="" auto="0" dgs="1"> 
                    <ctl var="USR"/> 
                    <ctl var="PWD"/> 

IMPORTANT: Setting the nm=”epic.com” allows users to use 1 tap autofill and does not require the user to select from a list of credentials.