What's New in Imprivata Mobile Access Management

Imprivata Mobile Access Management 7.2.1 contains the following new features and technology updates.

New Features

Locker SSO

The Imprivata Locker iOS app can now perform passwordless single sign on into apps that support OIDC, like Epic Rover. Locker SSO makes the end user app login experience even simpler than Password Autofill and requires zero training. Unlike Password Autofill, Locker SSO does not require any manual configuration on the device by either an IT technician or user.

Device Home Dashboard

Simplified view for department managers to view the status of their devices.

Face Authentication for Epic Rover

Users can skip the device passcode and log directly into apps with their face. This configuration allows devices to be deployed without requiring a device level passcode, while still offering high assurance to IT that data is protected.

Personalized Lock Screen - iOS

The Personalized Lock Screen is more customizable and shows additional important information. The Personalized Lock Screen feature now allows IT Admins to customize the name format for user privacy, display up to four additional location or device attributes, and even optionally display the time left before the device must be returned.

Launchpad Multi-Language Support - German

The Launchpad Display for End-users now supports localization, including German.

Additional Improvements

MAM Server

  • New “Out of Service” attribute allows a MAM admin to exclude a device from all automation rules, to take a device out of circulation for technician attention.

  • New 'Department Manager' user role can be automatically assigned to newly auto-created SAML users.

  • The Launchpad page now displays when a Launchpad is out of sync with server configuration and requires a restart.

  • Server now automatically sends a 'Sync' command to Microsoft Intune after the clear passcode command is sent to improve timeliness and reliability.

  • The MAM console DEP tab has been renamed to Supervision Identities and now lists the expiration date of the supervision identity certificate used to connect to iOS devices.

  • Users can now generate a supervision identity on the MAM server before registering the first Launchpad. Registering a first Launchpad continues to generate a supervision identity automatically, if performed first.

  • When configuring MAM to connect to an Epic environment the MAM admin is now emailed the JWK URL used to authenticate to their Epic environment.

  • When configuring MAM to connect to an Epic environment, the Epic environments list view now has an option to copy JWK URL. Applies to Epic May 2026 and later.

  • For devices configured for Microsoft Shared Device Mode, activity logs now show when SDM is detected and when MSAL reports logout is successful.

Imprivata Locker

  • Locker Diagnostics now displays when Microsoft Shared Device Mode is detected or not detected

  • Locker now detects during check out if a previous Shared Device Mode user was not logged out successfully and prevents the check out from proceeding. When using standard check out workflow, admins are encouraged to follow standard workflows and use the ‘Reboot and Check In’ configuration to remediate the device.

  • Admins can now hide the 'You need to configure...Password Autofill' prompt from displaying during check out with the Locker Custom Option "HidePasswordAutoFillPrompt" set to "true". Applies to iOS devices only.

Fixed Issues

Server

  • Server now distributes LP daily restarts (30 per minute) evenly, rather than in batches per minute.

  • Fixed an issue where the Smart Hub Display would sometimes show a previous user’s name when returning a device unlocked by Emergency Unlock PIN.

  • Fixed an issue that prevented Audit Log from displaying long entries correctly.

Launchpad

  • Fixed an issue the prevented wallpapers from being correctly scaled for certain device types.

Imprivata Locker

  • Resolved an issue that could sometimes lead to a previous user’s username being shown during Microsoft MSAL login.

  • Resolved an issue when check in is configured with no app logouts that could result in Locker appearing locked but user is still able to exit.

Lifecycle Updates

  • Beginning on Jan 1, 2026, MAM no longer supports Android 9, 10, and 11.

  • MAM will end support for Android 12 at the end of June 2026.

For questions or comments about this release, contact the Product Management and Product Marketing teams at mobile@imprivata.com.

Previous Releases

Features and fixed issues from previous releases.

Reboot & Check In for Express Checkout

Automatically remediates unhealthy iOS devices during express checkout, restoring them to a reliable state before the next use. A zero-touch process ensures a consistent user experience while saving admins time and reducing operational overhead. Reboot & Check In for Express Checkout is automatically enabled in any Express Checkout workflow.

Restart Smart Hub

Remotely restart Smart Hubs from the MAM console, enabling admins to take action, ensuring Smart Hubs remain responsive and connected. Smart Hubs can be restarted individually or as part of a scheduled Launchpad Restart for efficient, coordinated maintenance.

Only supported for Launchpads running 7.2 and later.

Additional Improvements

MAM Server

  • Added support for delegated permissions for the Graph API (Microsoft Intune)

  • "More info" links in the MAM console redirect to Imprivata’s new documentation portal

Locker

  • Added support for German language (iOS only)

  • Updated the SDK for Microsoft Authentication Library (MSAL)

Fixed Issues

MAM Server

  • Configuring Epic API Logout now requires setting up the non-production environment first

  • Admins with long email addresses now display correctly on the Admin > Teams tab

  • Email alerts for disconnected Launchpads no longer send before the specified "Notify me" time

  • The Checkout Status of an overdue device now updates to Overdue automatically, without refreshing the page

  • Smart Folders now display the correct number of devices when adding or editing a folder

  • Dropdown menus with long values now wrap properly on the Automation tab

  • Fixed an issue where the Serial Number of a Smart Hub was sometimes missing from Launchpad exports

  • Fixed an issue where multiple IPSW downloads appeared on the Launchpad details page

Locker

  • Fixed an issue where the message "Imprivata PIN is not enrolled" was not displayed when expected

  • Fixed an issue where mobile enrollment could fail if the network connection was lost during enrollment

Launchpad

  • Fixed an issue where the "Launchpad has been upgraded" banner was not being displayed

  • Fixed an issue where a Launchpad could become unregistered under certain conditions

Ecosystem Qualifications

  • Added support for iOS 26

  • Added support for macOS 26

  • Added support for Android 16

Locker Android 2.1 HF4 was released on October 27, 2025.

This hotfix contained the following changes:

  • Fix for Critical Alarm notifications are not displayed on Spectralink devices during regular undocked use. (SER-16987, IM-17259)

Locker Android 2.1 HF3 was released on September 26, 2025.

This hotfix contained the following changes:

  • Enhancement: Added prominent disclosure that Locker Android is collecting installed apps information. (IM-16950)

    NOTE:

    This enhancement was added to address a new Google Play requirement for Locker Android to be more explicit on what it is collecting and sending third party apps installed on a device for troubleshooting purposes.

    The consent permission is now displayed first over the other Locker Android permissions.

  • Fixed an issue that Android Locker was sometimes crashing after being upgraded to Android Locker v2.1, an issue that subsequently was blocking users' ability to authenticate into the app (SER-16879, SF 01526068 & 01526117).

    NOTE:

    The issue is not present in Imprivata Locker for iOS.

    This issue is independent of EAM version.

Personalized Folders for Launchpads and Devices

Admins can define smart folders for Launchpads and devices that dynamically populate based on Launchpad or device attributes. Folders are personal to the user so they can quickly access information relevant to them. Admins can quickly deploy to smart folder targets with bulk deploy. The dynamic list can be exported to a CSV file.

Smart Search for Attributes

Smart Search allows users to search-as-you-type when entering attributes.

Mass Deploy Launchpads (MacOS)

Admins can generate auto registration files to distribute and configure the Launchpad client on many Macs with their MDM.

Additional Improvements

  • Smart Search for attributes is also available in Automation Rules when using the “Is” or “Is Not” operators

  • Automation Rules can now be cloned

  • New Dashboard tile for “Devices erased and ready for deployment” shows devices that are ready to be provisioned.

Fixed Issues in MAM 7.1

  • Console Admins can again publish workflows to child organizations

  • Fixed an issue that would sometimes cause SAML users to see a vague error when their IdP session had timed out

  • Launchpad disconnected emails are no longer sent when the Launchpad is reconnected in the specified alert threshold

  • Improved the reliability of iOS Updates when performed on several devices concurrently

  • IMEIs for connected iOS devices are now shown consistently

  • Resolved a Launchpad crash when a Smart Hub is connected to a Mac running macOS 26 Tahoe Beta

  • Locker iOS now re-prompts for camera access during face authentication if the camera permission was previously enabled and then disabled

  • The Windows Launchpad will no longer crash when the log file destination runs out of storage space

  • Resolved an issue that would sometime prevent the Launchpad from relaunching after an upgrade.

Face Recognition Authentication Method for Check Out

Users can now use their face to satisfy multi-factor authentication when checking out a shared device. 

Requires integration with Imprivata Enterprise Access Management and Imprivata appliances running 25.2 (or later) software.

Personalized Lock Screen for Check Out using Live Activities — iOS

This release supports using Live Activities to display the device user on the lock screen. View the name of the person who checked out the device from the Lock Screen.  

Enhanced Console Admin Permissions for Large Organizations

Large organizations with multi-tiered parent-child organizations now have the ability to assign unique roles to an admin identity at different levels of their organization, while configuring SAML identity federation only once. This provides a simple way to configure identity federation with an enterprise identity provider to enforce MFA access to the MAM console. Once authenticated, users can be given the correct level of access for the locations that are relevant to them, while limiting access to locations they are not responsible for.

Imprivata Common UI

The MAM console and the Imprivata Locker apps now share the common Imprivata user interface style.

Additional Improvements

  • Express Check Out for Locker iOS is no longer in preview and is the recommended default check out experience.

  • Failed standard Check Out workflows now default to a 'Reboot and Check In' On Failure action. This excludes 'Device Remain Plugged In' time outs, and existing workflows are not modified.

  • Administrators are no longer required to configure MFA keyboard type for PIN or Password. The Imprivata Locker app now automatically offers the correct user experience based on assigned user policy.

  • New customer organizations automatically enforce policy assigned MFA before a checked out device is unlocked. Existing organization can now optionally toggle this behavior to ensure MFA is satisfied. (Grace period remains respected).

  • Admin > Team page now offers user search and filter pills.

  • User role is now displayed in the user account settings modal.

  • Updated MDM names and icons.

  • The 'Device Checkout Status' column is automatically added to the Launchpad view when Check Out is enabled for the org.

  • The 'Device Checkout Status' field is no longer editable for new organizations. Existing organizations can continue to modify. Additional improvements for 'wandering device' workflows are planned.

  • Updated Check In action to clarify the Launch Blank Page option is no longer needed for devices running iOS 18 or higher.

  • Disable Local Keychain on Check In prevents users from inadvertently storing passwords on the device. Requires MAM 7.0 Launchpad or later.

  • Users are now automatically prevented from autofilling passwords from the device local keychain on iOS devices. Only Locker app is used for password autofill.

  • The mouse cursor is now automatically hidden when the macOS launchpad is in End-User display mode.

  • Launchpad now supports using a single user identity to register a Launchpad to different levels of a large parent-child organization.

  • When displaying MFA, Locker now automatically offers the correct user experience based on assigned user policy.

  • Locker Diagnostics now displays the device serial number.

  • Added support to enforce the native device passcode on Android.

Fixed Issues

  • Resolved an issue that would sometime prevent Launchpads from displaying port numbers for Android devices connected to 8 port hubs

  • Resolved an issue that would sometime prevent Launchpads from displaying port numbers for iOS devices connected to Bretford hubs

  • Resolved an issue where Bretford 10 Port hubs were displaying as 20 port hubs

  • Server generated emails now come from Mobile Access Management.

  • Resolved an issue where the Continue button in Locker may not work as expected when MSAL is configured

Lifecycle Updates

  • Heartbeat has been deprecated based on customer feedback, with no impact on devices or intelligent device selection.

  • Devices on iOS 18 or higher no longer require the option “Launch a blank page before Check In” in the Check In workflow.

  • Stay informed on MAM hardware and software certification with our new requirements article.

  • iPhone 16e is still in certification, pending MDM partners' update to Automated Device Enrollment (ADE) SkipKeys.

  • Based on performance and instability, we have deprecated support for the Apple Devices app for Windows. See this article for supported MobileDevice installation methods.