Cloud Service Fallback Methods

This document outlines fallback methods available to users if Imprivata cloud-based authentication services should be degraded or unavailable.

Causes can include:

  • Imprivata cloud service degradation or outage

  • Degradation or outage of the third-party vendors Imprivata cloud services rely on (AWS, Twilio, Apple notification service, Google notification service, Apple Push Notifications Services, Google Cloud Messaging)

  • Loss of the Imprivata appliance's connectivity to the cloud

  • Loss of a phone's connectivity to the cloud, where phone-based authentication is used

Imprivata recommends establishing the following fallback methods to minimize the effect on users in the event of an outage or service degradation. Not all of these methods are effective in every situation, but having all in place grants maximum resiliency.

Workflow Fallback Methods
Remote Access
  • Manual entry of the OTP if using the IID app 

  • Customer help desk can issue Temporary Codes via the Admin UI to allow one or multiple authentications for a time period designated by the help desk

  • IT administrators and other key users (such as help desk staff) can be provided with OneSpan (formerly Vasco) tokens, which can generate temporary codes when appliances have no cloud connectivity, enabling VPN access

  • Confirm ID for Remote Access can be configured to allow password-only access. This is done by editing the access methods in the Workflow Policy for Remote Access.

    NOTE: To add a password-only entry, all combinations of password and another factor must be removed first.

  • As a last-resort fallback, it is possible to remove the CIDRA integration from your edge device. Consult your edge device’s documentation on how to do that. If this is an option you would like to add to your disaster recovery plan, Imprivata recommends having this configuration ready and tested on your gateway beforehand.

EPCS Signing
  • Manual entry of the OTP using the IID app 

  • Provide fingerprint readers as an alternative method (for EPCS on clinical workstations)

  • Provide Hands Free Auth as an alternative method (for EPCS on clinical workstations)

  • Provide OneSpan OTP tokens as an alternative method

Individual Identity Proofing with DigiCert 
  • Select voice call as an alternative method for the user to receive the OTP

Clinical Workflows
  • Manual entry of the OTP using the IID app 

  • Any other supported authentication method if on a clinical workstation, including proximity card, fingerprint, and Hands Free Authentication (HFA)

Authentication Methods Dependencies

This table shows the availability of each authentication method for each possible outage cause.

| Authentication method | Imprivata Cloud outage | Third-Party services outage | Appliance connection failure | Phone connection failure |
|---|---|---|---|---|
| Imprivata ID Push notifications | Unavailable | Unavailable | Unavailable | Unavailable |
| Imprivata ID Manual OTP verification | Unavailable | Works as expected | Unavailable | Works as expected |
| SMS OTP authentication | Unavailable | Unavailable | Unavailable | Unavailable |
| Hands Free authentication | Unavailable | Works as expected | Unavailable | Works as expected |
| Fingerprint authentication | Works as expected | Works as expected | Works as expected | Works as expected |
| Proximity card authentication | Works as expected | Works as expected | Works as expected | Works as expected |
| OneSpan OTP Tokens | Works as expected | Works as expected | Works as expected | Works as expected |
| Imprivata temporary codes | Works as expected | Works as expected | Works as expected | Works as expected |