What's New in Imprivata Mobile Access Management

Imprivata Mobile Access Management 7.1 contains the following new features and technology updates.

New Features

Personalized Folders for Launchpads and Devices

Admins can define smart folders for Launchpads and devices that dynamically populate based on Launchpad or device attributes. Folders are personal to the user so they can quickly access information relevant to them. Admins can quickly deploy to smart folder targets with bulk deploy. The dynamic list can be exported to a CSV file.

Smart Search for Attributes

Smart Search allows users to search-as-you-type when entering attributes.

Mass Deploy Launchpads (MacOS)

Admins can generate auto registration files to distribute and configure the Launchpad client on many Macs with their MDM.

Additional Improvements

Server

  • Smart Search for attributes is also available in Automation Rules when using the “Is” or “Is Not” operators

  • Automation Rules can now be cloned

  • New Dashboard tile for “Devices erased and ready for deployment” shows devices that are ready to be provisioned

Fixed Issues

  • Console Admins can again publish workflows to child organizations

  • Fixed an issue that would sometimes cause SAML users to see a vague error when their IdP session had timed out

  • Launchpad disconnected emails are no longer sent when the Launchpad is reconnected in the specified alert threshold

  • Improved the reliability of iOS Updates when performed on several devices concurrently

  • IMEIs for connected iOS devices are now shown consistently

  • Resolved a Launchpad crash when a Smart Hub is connected to a Mac running macOS 26 Tahoe Beta

  • Locker iOS now re-prompts for camera access during face authentication if the camera permission was previously enabled and then disabled

  • The Windows Launchpad will no longer crash when the log file destination runs out of storage space

  • Resolved an issue that would sometime prevent the Launchpad from relaunching after an upgrade

Lifecycle Updates

  • Testing and certification for iOS 26 and macOS 26 will begin, with details announced upon certification and support.

  • Beginning Jan 1, 2026 Locker Android will drop support for Android 9, 10, and 11.

For questions or comments about this release, contact the Product Management and Product Marketing teams at mobile@imprivata.com.

Previous Releases

Features and fixed issues from previous releases.

Face Recognition Authentication Method for Check Out

Users can now use their face to satisfy multi-factor authentication when checking out a shared device. 

Requires integration with Imprivata Enterprise Access Management and Imprivata appliances running 25.2 (or later) software.

Personalized Lock Screen for Check Out using Live Activities — iOS

This release supports using Live Activities to display the device user on the lock screen. View the name of the person who checked out the device from the Lock Screen.  

Enhanced Console Admin Permissions for Large Organizations

Large organizations with multi-tiered parent-child organizations now have the ability to assign unique roles to an admin identity at different levels of their organization, while configuring SAML identity federation only once. This provides a simple way to configure identity federation with an enterprise identity provider to enforce MFA access to the MAM console. Once authenticated, users can be given the correct level of access for the locations that are relevant to them, while limiting access to locations they are not responsible for.

Imprivata Common UI

The MAM console and the Imprivata Locker apps now share the common Imprivata user interface style.

Additional Improvements

  • Express Check Out for Locker iOS is no longer in preview and is the recommended default check out experience.

  • Failed standard Check Out workflows now default to a 'Reboot and Check In' On Failure action. This excludes 'Device Remain Plugged In' time outs, and existing workflows are not modified.

  • Administrators are no longer required to configure MFA keyboard type for PIN or Password. The Imprivata Locker app now automatically offers the correct user experience based on assigned user policy.

  • New customer organizations automatically enforce policy assigned MFA before a checked out device is unlocked. Existing organization can now optionally toggle this behavior to ensure MFA is satisfied. (Grace period remains respected).

  • Admin > Team page now offers user search and filter pills.

  • User role is now displayed in the user account settings modal.

  • Updated MDM names and icons.

  • The 'Device Checkout Status' column is automatically added to the Launchpad view when Check Out is enabled for the org.

  • The 'Device Checkout Status' field is no longer editable for new organizations. Existing organizations can continue to modify. Additional improvements for 'wandering device' workflows are planned.

  • Updated Check In action to clarify the Launch Blank Page option is no longer needed for devices running iOS 18 or higher.

  • Disable Local Keychain on Check In prevents users from inadvertently storing passwords on the device. Requires MAM 7.0 Launchpad or later.

  • Users are now automatically prevented from autofilling passwords from the device local keychain on iOS devices. Only Locker app is used for password autofill.

  • The mouse cursor is now automatically hidden when the macOS launchpad is in End-User display mode.

  • Launchpad now supports using a single user identity to register a Launchpad to different levels of a large parent-child organization.

  • When displaying MFA, Locker now automatically offers the correct user experience based on assigned user policy.

  • Locker Diagnostics now displays the device serial number.

  • Added support to enforce the native device passcode on Android.

Fixed Issues

  • Resolved an issue that would sometime prevent Launchpads from displaying port numbers for Android devices connected to 8 port hubs

  • Resolved an issue that would sometime prevent Launchpads from displaying port numbers for iOS devices connected to Bretford hubs

  • Resolved an issue where Bretford 10 Port hubs were displaying as 20 port hubs

  • Server generated emails now come from Mobile Access Management.

  • Resolved an issue where the Continue button in Locker may not work as expected when MSAL is configured

Lifecycle Updates

  • Heartbeat has been deprecated based on customer feedback, with no impact on devices or intelligent device selection.

  • Devices on iOS 18 or higher no longer require the option “Launch a blank page before Check In” in the Check In workflow.

  • Stay informed on

    MAM hardware and software certification with our new requirements article.

  • iPhone 16e is still in certification, pending MDM partners' update to Automated Device Enrollment (ADE) SkipKeys.

  • Based on performance and instability, we have deprecated support for the Apple Devices app for Windows. See this article for supported MobileDevice installation methods.

 

Launchpad Display for End Users

Launchpad Display provides a visual interface and clear instructions to help an end user check out a device and return it successfully.

Obtaining a phone, and returning it, should be simple and intuitive. Today, MAM relies on a series of beeps and lights to communicate to an end user what is going on at the time a badge is tapped.

The Launchpad Display replaces these with a visual interface providing clear instructions to an end user. Whether a first-time user, or a seasoned user, the display will greatly improve the user experience and get a device into the hands of a user quickly so they can get their day started.

Epic API Server Logout

Formerly Enhanced Epic Rover Logout.

Use the Epic API logout feature to disassociate a user from a device in Epic and prevent push notifications (messages, alerts, or calls) from being sent to the device after check in.

Existing logout functionality (force quit) for Epic apps like Rover closes the app session on the device, but leaves the Epic backend systems unaware that the user no longer has the device. Notifications (without PHI) continue to be sent to the device and appear in the notifications list for the next user. With Epic API Logout integration, MAM communicates directly with Epic environment and prevents unnecessary and confusing audible notifications from being sent. (this should be used in conjunction with the existing ‘force quit’ feature)

Additional Improvements and Fixed Issues

  • iOS Express Check Out workflow now supports the ability to set an attribute

  • Smart Hub serial numbers have been added to the list view export

  • Added a Notes field to automation rules

  • Reordering workflows in automation rules with three or more workflows no longer fails

  • Devices that are unlocked by Emergency PIN while not connected to a network now check in consistently

  • Deleting an MDM that was previously used in an OTA workflow with Android devices is now possible

  • OTA Workflows containing enable/disable lost mode for Android can now be saved consistently

  • Large image files no longer fail to apply on iPads using the set wallpaper action

  • Launchpad no longer intermittently fails to display port numbers on Bretford Smart Hubs running 1.0.4 firmware

iOS Express Check Out (Public Preview)

Express Check Out for iOS is a new workflow model designed specifically for simplicity and speed. Express check out is designed to check out a device in under two seconds so your clinicians can get their devices fas and focus on taking care of patients.

Mass Deploy Launchpads (Windows)

Console Admins can now download and automatically register a Windows Launchpad using the new mass deployment installer (MSI). Automated Launchpad registration tokens are now generated during download, and can be passed to the installer with a provided standard msiexec command. This eliminates several manual steps previously required when using desktop deployment tools to push out Launchpad installations.

Flexible Password Autofill Functionality

In the previous release of Locker, users outside of their EAM grace period were prompted with a Continue button for MFA during check out. This is so that 1-Tap password autofill is available for apps like Epic Rover. Users who prematurely left the Locker app after check out bypassed this workflow and were not able to use Autofill. Locker iOS 3.14 restores the ability for a user to satisfy MFA while autofilling passwords into an app.

Additional Improvements and Fixed Issues

  • Using the Locker Custom Option key ‘defaultDomain’ admins can now set a default EAM domain for Locker iOS and Android. Users will see the default domain pre-selected from the domain drop-down.

  • A new ‘Check Out Duration’ column (time between badge tap and flashing white LED) has been added to the activity export.

  • Workflows using Ivanti MDM that contain both clear passcode and retire actions now work consistently.

  • Device Passcode Clearing triggered by Device Passcode Management settings will no longer start while another deployment is running for a device.

  • Automation rules with many historical deployments no longer have difficulty being deleted.

  • Fixed an issue that would cause sorting devices by ‘Last Seen’ to not work correctly.

  • When configuring Launchpad monitoring, ‘Send Test Alert’ button now works consistently.

  • Timestamp used in overdue device alerts now reflects the date the device went overdue, and not the date of the last deployment.

  • ‘Device last connected over "N" days ago’ filter no longer erroneously display connected devices.

  • Resolved an issue that would sometime cause duplicate deployments during a bulk deployment.

  • When running a ‘Sync’ MDM command on Android devices with WorkspacOne, the server no longer incorrectly resets the device name.

  • Send Email action now works consistently when Launchpad and Device tokens are used simultaneously.

  • Server no longer incorrectly reports timed out OTA deployments when OTA workflows are run as a secondary workflow as part of a check out automation rule.

  • Locker iOS now shows the correct instructions for enabling Password Autofill on iOS 18.

  • Resolved an issue where battery % was not displaying in the Launchpad for Android devices.

Streamlined MFA Workflow for Check Out (iOS)

Users are now prompted for their personal Imprivata PIN immediately when checking out a device outside of the EAM (OneSign) grace period.

Users are no longer prompted to enter their PIN while Autofilling credentials into apps.

Users who are outside of the grace period can now utilize 1 tap Password AutoFill for supported apps like Epic Rover.

Additional Improvements and Fixed Issues

  • Admins deploying Windows Launchpads can now optionally choose to deploy the ‘Apple Devices’ app instead of extracting files from the iTunes installer.

  • Smart Hub features (port numbers, LED light support) are now enabled for all organizations.

  • Customers can now bulk retire devices that are lost, stolen, or end of life.

  • Bulk Deploy no longer fails to complete when a device is disconnected during deployment batching.

  • Launchpad View now supports horizontal scrolling when many columns are enabled.

  • The Cache tab is now renamed Assets in the admin console.

  • Configuration details of Built-in Apps in the Admin > App Logouts list can now be viewed.

  • Disconnected Launchpads are no longer counted in the Monitored LP has no connected devices or Monitored LP has no Smart Hubs connected Dashboard tiles.

  • Apple Passwords app for iOS 18 has been added to the Hide App and Icon Arrangement workflow actions.

  • Added App Logout support for Doximity Amion app.

  • Added support for clearing an Android passcode during Check In for devices configured with Soti MDM.

  • Support for displaying battery health for Android devices.

  • Support for Microsoft Intune MHS 2.2 (and later) for Android devices.