Configuring MFA in an Imprivata SSO Enterprise

If you are adding Enterprise Access Management MFA (formerly Imprivata Confirm ID) to an existing Imprivata enterprise, complete the steps described in the following sections.

NOTE: If you do not have Enterprise Access Management SSO (formerly Imprivata OneSign), see Configuring MFA if You Do Not Have SSO.

Allow Enterprise Access Management MFA to Connect Outside the Firewall

Enterprise Access Management for MFA needs outbound access to remote communication sites for licensed services such as the Imprivata Cloud Token Service, the Imprivata Cloud, and Insight, and for log transmittal. For complete details, see About Outbound Communications.

(Optional) Configure Audit Record Retention

Enterprise Access Management retains audit information related to e-prescribing controlled substances for a minimum of two years per DEA regulations, or for longer depending on your state regulations.

To change how long Enterprise Access Management audit records are retained, change the Preserve regulated audit records setting in the Record maintenance section of the Settings page (Imprivata Admin Console > gear icon menu > Settings).

(Optional) Configure MFA Reports

In addition to system-wide activity reports, several reports are available for monitoring Enterprise Access Management (Imprivata Confirm ID) activities. See Enterprise Access Management MFA Reports.

(Optional) Enable Integration with your EMR Application

You need to enable your EMR application to support authentication via Enterprise Access Management during supported signing workflows. See Integrate your EMR Application.

(Optional) Enable Integration with your VPN Gateway

You need to configure your enterprise to support Remote Access authentication via Enterprise Access Management. See Remote Access: Before You Begin.

(Optional) Enable Integration with your Medical Devices

You need to enable your Medical Devices to support authentication via Enterprise Access Management. See Enabling Integration with your Medical Devices.

(Optional) Configure Supervised Enrollment

If your providers will be:

  • e-prescribing controlled substances, and
  • "Institutional providers" (not identity proofed by a Certificate Authority (CA) such as DigiCert, or a Credential Services Provider (CSP) such as Symantec Norton Secure Login)

then, by default, supervision is required to enroll their first facial biometric, fingerprint, OTP token, or Imprivata ID. Supervision of subsequent facial biometrics, fingerprints, OTP tokens, or Imprivata IDs for e-prescribing controlled substances is also enabled by default.

For more information, see Institutional Identity Proofing.