Barcode Authentication
Imprivata Enterprise Access Management (formerly Imprivata Confirm ID) supports authenticating at Welch Allyn medical devices with a barcode. When this feature is configured, a user scans her barcode at a Welch Allyn medical device, and her barcode value is authenticated against the extended user attribute enrolled with Enterprise Access Management.
Before You Begin
Your Active Directory domain must already include the barcode values for each user stored as an Extended User Attribute. Enterprise Access Management does not include an enrollment workflow for barcodes; you will sync these values from Active Directory during this configuration.
Add Extended Attributes to Users in Domain
- In the Imprivata Admin Console, go to Users > Directories and select the domain that includes your barcode users.
  NOTE: For details on adding a new domain to your Imprivata enterprise, see Managing Domains (Directories).
- On the Edit Directories page, click Next to advance to the Synchronize Users page.
- In the Extended User Attributes section, click Add to add the following attribute:
  - Extended User Attribute Name — Active Directory attribute that should be used
  - Imprivata Meaning — Select Employee barcode from the drop-down list.
  - Label — Name for the authentication method ('Employee Barcode', for example). This will be displayed in the Imprivata Admin Console and in reports.
- Click Synchronize Now.
Verify Barcodes Are Assigned To Users
- In the Imprivata Admin Console, go to Users > Users.
- Select:
  - Search for Users: Employee Barcode
  - View User Fields of: Extended User Attributes
  Only your users that include the attribute are listed with their Employee Barcode value.
- Alternatively, you can click an individual user name to view attributes synchronized from Active Directory.
Add Welch Allyn as a Medical Device
- In the Imprivata Admin Console, go to Devices > Integrate.
- Click Add a medical device.
- Select Welch Allyn from the drop-down list.
- Click OK.
Configure User Policy
Create a user policy for your barcode users:
- In the Imprivata Admin Console, go to Users > User policies.
- Select a user policy that will include your barcode users, or create a new user policy for them.
  BEST PRACTICE: Do not configure your Default User Policy for Barcode authentication. Every new user added to Imprivata Confirm ID is automatically assigned to the Default User Policy and would be enabled for barcode authentication.
- Edit the user policy: in the section Desktop Access authentication, check Proximity Card.
- Click Save.
Because Barcode and Proximity Card share the same control in User Policy, users enabled for Barcode Authentication will also be enabled for Desktop Authentication with Proximity Card (if this is enabled in your Enterprise Access Management environment).
Apply User Policy to Users
Apply this user policy to your barcode users:
- In the Imprivata Admin Console, go to Users > Users.
- Select:
  - Search for Users: Employee Barcode
  - View User Fields of: Extended User Attributes
  Only your users that include the attribute are listed with their Employee Barcode value.
- Click the checkboxes next to their usernames (or click Select All as a bulk action).
- Click Apply Policy...
- Select your user policy for barcode users from the list.
- Click OK.
Configure Medical Device Workflow
- In the Imprivata Admin Console, go to Users > Workflow policy.
- In the section Medical device workflows, choose the appropriate workflow and select Proximity card as an authentication method.
- Click Associate user policies and select the user policy you created above.
- Click Save.
For more on configuring Enterprise Access Management MFA workflows, see Configuring the Enterprise Access Management MFA Workflow Policy.
After you click Save, barcode authentication on Welch Allyn devices is enabled.
Troubleshooting Duplicate Barcode Values
When two users in Active Directory have the same value in the Barcode attribute, the last synchronized user will be enrolled with Enterprise Access Management Barcode authentication.
Enterprise Access Management will not enroll any other user(s) with the same Barcode attribute value. Their extended user attribute value will appear on their User Details page > Extended User Attributes section with an error message:
(cannot enroll, duplicate found)
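Because only one of the users sharing a value ends up enrolled, it helps to find duplicates in Active Directory before you synchronize. The script below is an added example, not Imprivata code; the attribute name `extensionAttribute1` and the search base are placeholders for whichever Active Directory attribute and OU your environment uses.

```powershell
# Added example: report Active Directory users that share a barcode value.
# ASSUMPTIONS: 'extensionAttribute1' and the search base are placeholders. Use the
# attribute you mapped to "Employee barcode" on the Synchronize Users page.
Import-Module ActiveDirectory

$BarcodeAttribute = 'extensionAttribute1'            # placeholder attribute name
$SearchBase       = 'OU=Clinical,DC=example,DC=org'  # placeholder OU

# Fetch only users that have a value in the barcode attribute.
$users = Get-ADUser -LDAPFilter "($BarcodeAttribute=*)" -SearchBase $SearchBase `
    -Properties $BarcodeAttribute

# Trim whitespace and group by value. Group-Object compares strings
# case-insensitively by default, so this errs on the side of flagging too much.
$duplicates = $users |
    Select-Object SamAccountName,
        @{ Name = 'Barcode'; Expression = { ([string]$_.$BarcodeAttribute).Trim() } } |
    Where-Object { $_.Barcode } |
    Group-Object -Property Barcode |
    Where-Object { $_.Count -gt 1 }

# The barcode is an authenticator, so show only its last four characters.
$report = foreach ($group in $duplicates) {
    $value  = $group.Name
    $masked = if ($value.Length -gt 4) {
        ('*' * ($value.Length - 4)) + $value.Substring($value.Length - 4)
    } else { '****' }
    [pscustomobject]@{
        Barcode  = $masked
        Count    = $group.Count
        Accounts = ($group.Group | Sort-Object SamAccountName |
                    ForEach-Object { $_.SamAccountName }) -join ', '
    }
}

if ($report) {
    $report | Format-Table -AutoSize -Wrap
    Write-Warning "$(@($report).Count) barcode value(s) are assigned to more than one user."
    exit 1   # non-zero exit lets a scheduled task or pipeline flag the result
} else {
    Write-Output "No duplicate barcode values among $(@($users).Count) users."
}
```

Every account listed for a given value needs a unique barcode in Active Directory before its owner can be enrolled.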
Cleaning Up Duplicate Barcode Values
Simply deleting extended user attributes from one user in Active Directory will not cause another user to be enrolled for Barcode authentication in Enterprise Access Management, because domain synchronization only updates users whose values have changed.
In this example, Users A, B, and C have identical Barcode extended user attribute values synchronized with Enterprise Access Management, but only User C is enrolled for Barcode authentication.
To clean up duplicate barcode values and enroll all users:
- Delete the extended user attribute values for User A and User B in Active Directory.
- Synchronize the domain with Enterprise Access Management.
  The Barcode extended user attribute and error message will no longer be displayed for User A and User B.
  User C will remain enrolled.
- Assign new, unique barcode values to User A and User B in Active Directory.
- Synchronize the domain with Enterprise Access Management again.
  User A and User B are now enrolled. The new Barcode extended user attributes will be displayed for User A and User B, with no error message.