Managing User Devices

See also Enterprise Access Management with MFA Troubleshooting

Instruct users to report lost or stolen devices to your helpdesk within 24 hours of the loss. When a loss is reported, delete the user's Imprivata ID enrollment:

  1. In the Imprivata Admin Console, go to Users > Users, and select the user.

  2. In the section Authentication Methods > Imprivata ID, check Delete Enrollment.

  3. Review the Caution message, and click Continue.

  4. Click Save.

After the device is replaced, the user will need to download the Imprivata ID app again and enroll a new Imprivata ID.

You can also enable users to delete an enrolled Imprivata ID from their workstation without calling your helpdesk first:

  1. In the Imprivata Admin Console, go to Users > User Policies and select a user policy.

  2. On the Authentication tab, go to Authentication Method Options > Imprivata ID.

  3. Select Allow users to manage Imprivata ID.

  4. Click Save.

NOTE: If you have configured Imprivata Enterprise Access Management (formerly Imprivata Confirm ID) to prompt users to enroll Imprivata ID, that prompt won't appear unless you also delete their SMS code enrollment.

You can also enable users to delete an enrolled Imprivata ID from their workstation without calling your helpdesk first:

  1. In the Imprivata Admin Console, go to Users > User Policies and select a user policy.

  2. On the Authentication tab, go to Authentication Method Options > Imprivata ID.

  3. Select Allow users to manage Imprivata ID.

  4. Click Save.

When Imprivata ID is required to log in but the user doesn't have their device or OTP token, Imprivata has made it easy for your enterprise to issue a temporary code allowing your user to continue their work virtually uninterrupted. See Imprivata Temporary Codes.

If a user accidentally deletes the Imprivata ID app, disable the user's currently enrolled Imprivata ID (in the Imprivata Admin Console, go to Users > Users and select the user to edit.) The user will need to download the Imprivata ID app again and enroll a new Imprivata ID.

You can also enable users to delete an enrolled Imprivata ID from their workstation without calling your helpdesk first:

  1. In the Imprivata Admin Console, go to Users > User Policies and select a user policy.

  2. On the Authentication tab, go to Authentication Method Options > Imprivata ID.

  3. Select Allow users to manage Imprivata ID.

  4. Click Save.

Instruct users to notify your helpdesk within 24 hours when they've replaced their device. When they stop using their device, sell it, or discard it, delete the user's Imprivata ID enrollment:

  1. In the Imprivata Admin Console, go to Users > Users, and select the user.

  2. In the section Authentication Methods > Imprivata ID, check Delete Enrollment.

  3. Review the Caution message, and click Continue.

  4. Click Save.

The user will need to download the Imprivata ID app on their new device and enroll a new Imprivata ID.

You can also enable users to delete an enrolled Imprivata ID from their workstation without calling your helpdesk first:

  1. In the Imprivata Admin Console, go to Users > User Policies and select a user policy.

  2. On the Authentication tab, go to Authentication Method Options > Imprivata ID.

  3. Select Allow users to manage Imprivata ID.

  4. Click Save.

NOTE: If a user has never installed the Imprivata ID app, and they are only using their device to receive SMS text notifications, they do not need to do anything when they replace their device as long as they keep the same phone number.

If the user changes phone numbers, there is no impact on the user unless they have their phone number enrolled for SMS Code authentication:

The user must contact their Imprivata Enterprise Access Management administrator, who will delete the SMS Code enrollment. Then the user can enroll a new phone number.