What's New in Imprivata Enterprise Access Management 25.2
Imprivata Enterprise Access Management with MFA 25.2 contains the following new features and technology updates.
New Features

The Imprivata macOS agent is now GA and supports additional capabilities, including:
- Tap over to switch user
- Offline mode
- Inactivity detection
- A customizable login screen
For more information, see the Installing and Configuring the Imprivata macOS Agent guide.

The Proximity Cards page in the Imprivata Admin Console has been improved to add the ability to make changes to proximity cards in your list one at a time, multiple cards at a time, or all at once, directly in the Imprivata Admin Console, without importing a CSV file.
For more information, see Managing Proximity Cards.

- Support for this feature is included in the Imprivata Enterprise Access Management 25.2 appliance IPM. A custom IPM is no longer required.
- Support for this feature no longer requires a custom installation of the Imprivata agent.
- The setup wizard for connecting your Imprivata enterprise and your tenant on the Imprivata Control Center has been improved.
- Users can now delete their own face enrollment.
For more information, see Face Recognition Authentication.

This feature extends Imprivata's OpenID Connect implementation to include custom claims in the Web SSO token, enhancing flexibility and compatibility for both desktop and mobile applications.

Imprivata supports passwordless authentication for Desktop Authentication at Type 1 single-user workstations with a device-bound passkey.
For more information, see Passwordless Authentication with Device-Bound Passkey.

Imprivata Self-Service Password Reset (SSPR) has been enhanced to support face recognition as the primary factor of authentication. When using face recognition as a primary factor, users must also respond to a one-time SMS code sent to their phone to verify their identity. Users enter their code into the self-service web application when authenticating for a domain password reset.
For more information, see Imprivata Self-Service Password Reset.

Users outside of North America can now use the Imprivata enrollment utility to enroll their mobile phones to receive SMS text messages. Support for international phone numbers applies to all Imprivata Enterprise Access Management with SSO and Imprivata Enterprise Access Management with MFA functionality that supports SMS as a second authentication factor.
Phone numbers from the following countries are supported: UK, Ireland, Germany, France, Netherlands, Belgium, Switzerland, Sweden, Denmark, Austria, Finland, Luxembourg, Australia, UAE, and New Zealand.

You can now deploy all end user-facing interfaces in Czech.

You can now configure a disk space utilization threshold to trigger an alert email using the Max Partition Usage setting (Systems > Settings tab) in the Imprivata Appliance Console. This setting helps you to monitor disk usage and take proactive action before critical space issues occur.
For more information, see Imprivata Appliance System Settings.

Proactive emails and a banner in the Imprivata Admin Console notify the administrator that the Enterprise Access Management self-signed enterprise certificate is about to expire.
For more information, see Integrate your EMR Application.
Technology Updates


The Classic Windows login is deprecated and will no longer be supported after Q1 2026.
Imprivata is committed to innovation and is focusing efforts on the Imprivata login. It is recommended that you begin planning a migration to the Imprivata login. For more information about the Imprivata login and next steps, see the FAQ.

While Microsoft has not announced a release date for their planned update to LDAP channel binding and LDAP signing requirements, it is recommended that Imprivata administrators verify that their Imprivata directory (domain) connections are configured for SSL. When the update is applied, any directory connection that is not configured for SSL may fail.
To verify the connection settings, go to the Directories page (Users menu > Directories) and open the required domain. Verify that Use TLS for secure communication is selected.

As part of Imprivata's continuing effort to increase our security posture, beginning with the 7.4 release, Imprivata disables the use of older TLS versions 1.0 and 1.1 for all appliance communications.
For more information on TLS usage, see the "About TLS Communication" topic in the Imprivata Online Help.

As part of Imprivata's continuing effort to increase our security posture, this release includes two modes of API access through the Confirm ID and ProveID API:
- Full
  Full access enables the ability to use the Confirm ID COM interface. Full access is required in the following areas because of the reliance on the COM interfaces:
  - Clinical Workflows
  - EPCS
  - Imprivata Connector for Epic Hyperdrive
  - When Imprivata Confirm ID needs a password.
- Restricted
  In restricted mode, access to the Password and UserAppCreds resources is disabled. A ResourceRequest that includes an attribute id of Password or UserAppCreds returns a response with a message stating that access is restricted and status code 403.
By default, Confirm ID access is disabled and ProveID API access is set to restricted. The settings to manage API access are on the API access page in the Imprivata Admin Console.
Considerations
The following sections describe changes in behavior in Imprivata Enterprise Access Management.

Beginning with 25.2, you can no longer directly run the Imprivata agent installer. This includes:
- Double-clicking the MSI.
- Right-clicking the MSI and running as an administrator.
Launching the installer directly requires you to execute the MSI from an elevated command prompt. Directly running the MSI results in an error message stating that you do not have the required permissions. This behavior occurs even if you are logged into the Windows endpoint with administrator credentials.
This requirement does not affect deployments performed through Microsoft Endpoint Configuration Manager (SCCM) or any other third-party software deployment tool.
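The elevated install described above, as an added example that is not Imprivata's own script. The MSI path and log path are placeholders, and the signature check assumes the vendor package is Authenticode-signed.

```powershell
# Added example: run the agent MSI from an elevated PowerShell session.
# $MsiPath and $LogPath are placeholders; the page names no file or MSI properties.
param(
    [Parameter(Mandatory)] [string] $MsiPath,
    [string] $LogPath = "$env:TEMP\agent-install.log"
)

# Being logged on with administrator credentials is not enough under UAC:
# the process token itself must be elevated.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = [Security.Principal.WindowsPrincipal]::new($identity)
$elevated  = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

if (-not $elevated) {
    Write-Error "Session is not elevated. Reopen PowerShell with 'Run as administrator'."
    exit 1
}

$msi = Resolve-Path -LiteralPath $MsiPath -ErrorAction Stop

# Assumption: the package is Authenticode-signed. Verify that before running
# it with full privileges, and show who signed it.
$sig = Get-AuthenticodeSignature -LiteralPath $msi.Path
if ($sig.Status -ne 'Valid') {
    Write-Error "Signature check failed for $($msi.Path): $($sig.Status)"
    exit 1
}
Write-Host "Signed by: $($sig.SignerCertificate.Subject)"

# /i installs the package; /l*v writes a verbose log for troubleshooting.
$msiArgs = @('/i', "`"$($msi.Path)`"", '/l*v', "`"$LogPath`"")
$proc = Start-Process -FilePath 'msiexec.exe' -ArgumentList $msiArgs -Wait -PassThru

# 0 = success, 3010 = success with a reboot required.
if ($proc.ExitCode -notin 0, 3010) {
    Write-Error "msiexec exited with code $($proc.ExitCode); see $LogPath"
    exit $proc.ExitCode
}
Write-Host "Install finished (exit code $($proc.ExitCode))."
```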

When you set up a new G4 appliance on a network that does not use DHCP, the Host Name and Domain Name fields under System Information in the Appliance Setup Wizard are prepopulated with the values localhost and localdomain. Previously, in

Imprivata's Secure Walk Away added support for a Nordic Bluetooth Low Energy (BLE) receiver in Imprivata OneSign and Imprivata Confirm ID 7.11. The Bluetooth receiver sensitivity may vary for different mobile devices. If your users report that their workstations lock because Secure Walk Away does not detect their mobile devices, adjust the Secure Walk Away – Imprivata ID Sensitivity slider control in the computer policy assigned to those workstations.
For more information, see Configuring Imprivata Secure Walk Away.