About Outbound Communications

Imprivata Appliance

A fully licensed and enabled Imprivata appliance needs to contact the remote communication sites identified below to communicate with licensed services such as Insight, Imprivata Cloud Token Service, Imprivata Enterprise Access Management for MFA (formerly Imprivata Confirm ID), and log transmittal.

IMPORTANT:

Cloud IP addresses change frequently. Some firewalls may only be able to limit the outbound traffic by destination port (443) and protocol (TCP). Many firewalls are unable to limit traffic based on FQDN.

| Port | Protocol | Direction | Host | Description |
| --- | --- | --- | --- | --- |
| 443 | HTTPS | Outbound | icps.imprivata.com | Enterprise Access Management (Confirm ID) certificate server. Used when initially configuring the Imprivata Confirm ID certificate. |
| 443 | HTTPS | Outbound | osmul.imprivata.com | Enterprise Access Management (OneSign) Insight metrics server. Collects Insight data. |
| 443 | HTTPS | Outbound | oslful.imprivata.com | Imprivata Support log file server. Used when submitting log files directly from Imprivata Appliance Console only when requested by Imprivata Support. |
| 443 | HTTPS | Outbound | rpapi.cts.imprivata.com | Imprivata Cloud Token Service. Used by Enterprise Access Management for user services. |
| 443 | HTTPS | Outbound | api.digicert.com | DigiCert server required for Individual identity proofing. |
| | HTTP | Outbound | http://ocsp.digicert.com | DigiCert server required for revocation checking via the online certificate status protocol. |
| | HTTP | Outbound | http://ocsptest.digicert.com | Non-production DigiCert server for revocation checking via the online certificate status protocol. For test computers only. [1] |
| 443 | HTTPS | Outbound | www.digicert.com | DigiCert identity proofing: required to access the token URL in the enrollment utility. |
| 443 | HTTPS | Outbound | *.amazonaws.com [1] | A connection to Amazon S3 is needed for the Imprivata appliance to update the DigiCert metadata (e.g. the client certificate). This is required for Individual identity proofing of new users. [2] |
| 443 | HTTPS | Outbound | *.cloud.imprivata.com | Connection to the Imprivata Cloud, allows communication from users outside the firewall to Enterprise Access Management inside the firewall. |
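
One way to audit proxy or firewall logs against the hosts listed above, as an added example that is not Imprivata's code. The host patterns and port 443 come from the table; port 80 for the two OCSP hosts is assumed from their http:// URLs, wildcards are assumed to match any subdomain depth, and the log format, sample lines and function names are constructed for illustration.

```python
# Host patterns and ports from the table above. Port 80 for the two OCSP hosts
# is an assumption implied by their http:// URLs (the Port column is blank).
ALLOWED = [
    ("icps.imprivata.com", 443), ("osmul.imprivata.com", 443),
    ("oslful.imprivata.com", 443), ("rpapi.cts.imprivata.com", 443),
    ("api.digicert.com", 443), ("www.digicert.com", 443),
    ("ocsp.digicert.com", 80), ("ocsptest.digicert.com", 80),
    ("*.amazonaws.com", 443), ("*.cloud.imprivata.com", 443),
]

def classify(host, port):
    """Return 'exact', 'wildcard', or None when no table row covers the flow."""
    host = host.lower().rstrip(".")          # normalise case and trailing dot
    for pattern, allowed_port in ALLOWED:
        if port != allowed_port:
            continue
        if pattern.startswith("*."):
            suffix = pattern[1:]             # "*.amazonaws.com" -> ".amazonaws.com"
            # Require a label before the suffix, so the bare domain and
            # look-alikes such as "evilamazonaws.com" do not match.
            if host.endswith(suffix) and len(host) > len(suffix):
                return "wildcard"
        elif host == pattern:
            return "exact"
    return None

def audit(log_lines):
    """Return flows not covered by the table, as (src, host, port) tuples."""
    unexpected = []
    for line in log_lines:
        fields = line.split()
        if len(fields) != 4 or not fields[3].isdigit():
            continue                         # skip malformed lines
        _ts, src, host, port = fields
        if classify(host, int(port)) is None:
            unexpected.append((src, host, int(port)))
    return unexpected

# Constructed sample log: "<timestamp> <appliance IP> <destination host> <port>"
SAMPLE_LOG = [
    "2024-05-01T10:00:00Z 10.0.0.5 osmul.imprivata.com 443",
    "2024-05-01T10:00:02Z 10.0.0.5 s3.us-east-1.amazonaws.com 443",
    "2024-05-01T10:00:03Z 10.0.0.5 ocsp.digicert.com 80",
    "2024-05-01T10:00:04Z 10.0.0.5 amazonaws.com.example.net 443",
    "2024-05-01T10:00:05Z 10.0.0.5 osmul.imprivata.com 8443",
    "2024-05-01T10:00:06Z 10.0.0.5 updates.example.org 443",
]

if __name__ == "__main__":
    for src, host, port in audit(SAMPLE_LOG):
        print(f"unexpected outbound: {src} -> {host}:{port}")
```

`*.amazonaws.com` covers every endpoint AWS hosts under that domain, so flows classified as `wildcard` are worth reviewing separately rather than treating them as equivalent to the exact hosts.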