Single Sign On for the Admin Console
Imprivata enables Single Sign On access to your Patient Access Admin Console, and other Imprivata Admin Consoles, all from access.imprivata.com, powered by the Imprivata Cloud Platform.
Set Up the Connection to the Imprivata Cloud Platform
Configure the secure connection between your identity provider (IdP) and the Imprivata Cloud Platform.
Setup Wizard
Contact Imprivata Services. Imprivata Services will create a Cloud Tenant for your enterprise, and send a Welcome email with a link to the Cloud Tenant Setup wizard. Click the link in the email and follow the wizard to complete the secure connection.
Open your identity provider (IdP) console at the same time as the Cloud Tenant Setup wizard because they need metadata from each other.
Before You Begin
- Optional — You need a PNG, JPG, or GIF of your organization logo (200 x 100 pixels or smaller, max 100KB).
Wizarding Steps
The setup wizard leads you through the following steps:
- Agree to the Data Processing Addendum.
- In the Cloud Tenant Setup Wizard, on the Connect to Enterprise Access Management page, click Skip to skip connecting to Imprivata Enterprise Access Management.
- Click Copy under Copy the Imprivata SP metadata URL. Paste the URL in a new browser tab, and save the page as an XML file. You will use this Imprivata SP metadata XML in a later step.
  IMPORTANT: To configure the integration with Entra ID as the IdP, continue here: Configure Entra ID as The Identity Provider.
- To enable SSO to the Imprivata Control Center using your SAML IdP (e.g., Entra ID, Okta, Ping ID): Before you leave this page, select Administrator console single sign-on using SAML.
- Provide the Imprivata SP metadata URL to your IdP.
  NOTE:
  - Sign On URL — https://access.imprivata.com
  - Recommended — Configure email address as the NameID format for user identity.
  - Recommended — Configure Group ID (rather than group name) as the source attribute for group claims.
- Enter your IdP's SAML metadata in the wizard.
- Configure the groups that identify users with administrative access.
- Add your organization's business email address, user-facing name, and logo.

This section provides details for Microsoft Entra ID configuration.
- In the Entra app:
  - Select Microsoft Entra ID > Manage > Enterprise applications and select New application. Then select Create your own application.
  - Enter a display name for your new application, select Integrate any other application you don't find in the gallery, then select Create.
  - Go to Overview > Assign users and groups, and add users and groups.
  - Select Set up single sign-on.
  - Select SAML as the single sign-on method.
  - Click Upload metadata file and upload the Imprivata SP metadata XML file you created earlier.
  - For Basic SAML Configuration, provide the Sign on URL https://access.imprivata.com.
  - Click Save and close the Basic SAML Configuration applet.
  - Under SAML Certificates, copy the App Federation Metadata Url.
- In the Imprivata Setup Wizard:
  - Enter Entra's SAML IdP metadata URL in the wizard.
  - Click Continue, which will take you to a page to configure security groups for admin access.
  - The next section asks you to configure SAML group claims to authorize administrators. Admins can modify the SAML configuration and generate additional integration tokens later.
- In the Entra app:
  - Click Attributes & Claims > Edit.
  - Click Add a group claim if there isn’t one already. Click Save.
    BEST PRACTICE: Use Group ID as the source attribute.
  - Copy the claim name for groups from Entra ID.
    Example: http://schemas.microsoft.com/ws/2008/06/identity/claims/groups
- In the Imprivata setup wizard > Identity Provider: Connect page, paste the claim name into the field for SAML attribute name.
- In the Entra app:
  - Copy the Object ID for a group that should have administrator access to Imprivata.
- In the Imprivata setup wizard > Identity Provider: Connect page, paste the Object ID for SAML attribute value. You can enter multiple groups separated by commas.
- In the Imprivata setup wizard, click Continue.
  Add your organization's business email address, user-facing name, and logo.
- Click Continue to complete the wizard.
- Click Go to access.imprivata.com to test your expected workflow for accessing the Imprivata Control Center.
- At the login screen, enter an email address with the same domain you configured in the setup wizard, and click Continue.
  You will be redirected to your Entra ID login screen.
- After authenticating with Entra ID, you will be redirected to your Imprivata Control Center.
- Click Patient Access to navigate to your Patient Access Admin Console.
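
If the test login does not grant administrator access, a decoded SAML assertion from that login can be compared with the values entered in the wizard. The following is an added example, not Imprivata or Microsoft code: the sample assertion, its Object IDs and the function name `check_assertion` are constructed, and exact string matching of group values is an assumption.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
GROUPS_CLAIM = "http://schemas.microsoft.com/ws/2008/06/identity/claims/groups"

# Constructed sample: a trimmed, unsigned assertion with made-up values.
SAMPLE_ASSERTION = f"""<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Subject>
    <saml:NameID Format="{EMAIL_FORMAT}">admin@example.org</saml:NameID>
  </saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="{GROUPS_CLAIM}">
      <saml:AttributeValue>11111111-2222-3333-4444-555555555555</saml:AttributeValue>
      <saml:AttributeValue>aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def check_assertion(xml_text, attribute_name, attribute_value):
    """Compare an assertion with the wizard's SAML attribute name and value.

    Returns a list of findings; an empty list means the settings line up.
    This is a configuration check only and does not verify the signature.
    """
    findings = []
    root = ET.fromstring(xml_text)
    # The wizard accepts multiple groups separated by commas.
    admin_ids = {v.strip() for v in attribute_value.split(",") if v.strip()}

    name_id = root.find(".//saml:NameID", NS)
    if name_id is None or name_id.get("Format") != EMAIL_FORMAT:
        findings.append("NameID format is not email address (recommended setting)")

    # Collect every value of the attribute whose Name equals the claim name.
    groups = [
        (value.text or "").strip()
        for attr in root.iterfind(".//saml:Attribute", NS)
        if attr.get("Name") == attribute_name
        for value in attr.iterfind("saml:AttributeValue", NS)
    ]
    if not groups:
        findings.append(f"no values for claim {attribute_name}")
    elif not admin_ids & set(groups):
        findings.append("user is in none of the configured admin groups")
    return findings
```

Entering a group name as the SAML attribute value while Entra ID emits Group IDs produces the last finding, which is the mismatch the Group ID recommendation avoids.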