Optional — Non-Licensed User Access
When you integrate Imprivata Enterprise Access Management Remote Access with your gateway, the following users will be blocked from logging in:
- Imprivata MFA and SSO users who are not licensed for Remote Access, and
- All non-Imprivata users: users not synced with the Imprivata users list.
However, you can override this default behavior and allow remote access for these users:
- In the Imprivata Admin Console, go to Applications > Remote access integrations.
- Select an integration.
- In the section Non-licensed user access, select Allow remote access for users without an Imprivata Confirm ID for Remote Access license.
- Click Save.
This option uses Active Directory authentication for these users only, bypassing Enterprise Access Management authentication.
Active Directory Groups Queried
When searching for a user in Active Directory, Imprivata will query Active Directory groups as follows:
Users synced with the Imprivata appliance — The Imprivata appliance will query direct group and nested group memberships.
Users not synced with the Imprivata appliance — The Imprivata appliance will only query direct group memberships.
Troubleshooting — Nested Groups Not Queried
Nested groups are not queried in the Remote Access Log In workflow. If you allow non-licensed user access but a non-Imprivata user is still blocked from Remote Access, the cause may be that their Active Directory group is nested.
Example
- A user is a member of Group1.
- Group1 is a member of Group2; that is, Group1 is nested in Group2.
- Group1 is not queried for non-Imprivata users attempting Remote Access.
Solution
If you need to provide remote access to non-Imprivata users in nested groups, sync them with the Imprivata appliance. You do not need to license them for any Imprivata features. The sync alone will cause them to be queried by Enterprise Access Management for Remote Access.
CAUTION: All users synced with the Imprivata appliance must be added to a user policy. If you do not want these users consuming any licenses, verify that the user policy they're added to consumes no licenses (the Imprivata Admin Console may present a Caution on this user policy stating these users will not be able to log in; this message can be ignored in this specific case).
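The direct versus nested distinction described under Troubleshooting, as an added example that is not Imprivata code: given an exported map of direct memberships, it reports which unsynced users reach a group only through nesting, which a direct-only lookup will not see, and who are therefore candidates for syncing. The membership data, the names `MEMBER_OF`, `classify` and `users_needing_sync`, and the choice of Group2 as the group of interest are assumptions made for illustration.

```python
from collections import deque

# Constructed sample data (not from a real directory). Each key is a user or
# group; each value lists the groups it is a DIRECT member of.
MEMBER_OF = {
    "alice": ["Group1"],
    "bob": ["Group2"],
    "carol": ["Contractors"],
    "dave": ["LoopA"],
    "Group1": ["Group2"],  # Group1 is nested in Group2, as in the Example
    "LoopA": ["LoopB"],
    "LoopB": ["LoopA"],    # circular nesting, which Active Directory permits
}


def transitive_groups(principal, member_of):
    """Return every group reachable from principal: direct plus nested."""
    seen = set()
    queue = deque(member_of.get(principal, []))
    while queue:
        group = queue.popleft()
        if group in seen:  # already expanded; also stops circular nesting
            continue
        seen.add(group)
        queue.extend(member_of.get(group, []))
    return seen


def classify(user, target_group, member_of):
    """Return 'direct', 'nested-only' or 'none' for user's membership."""
    if target_group in member_of.get(user, []):
        return "direct"
    if target_group in transitive_groups(user, member_of):
        return "nested-only"
    return "none"


def users_needing_sync(unsynced_users, target_group, member_of):
    """Unsynced users whose membership exists only through nesting."""
    return sorted(
        u for u in unsynced_users
        if classify(u, target_group, member_of) == "nested-only"
    )


if __name__ == "__main__":
    for user in ("alice", "bob", "carol", "dave"):
        print(user, classify(user, "Group2", MEMBER_OF))
```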