What's New in Imprivata Mobile Access Management

Locker Android 2.1 HF4 was released on October 27, 2025.

This hotfix contained the following changes:

• Fix for Critical Alarm notifications are not displayed on Spectralink devices during regular undocked use. (SER-16987, IM-17259)

Locker Android 2.1 HF3 was released on September 26, 2025.

This hotfix contained the following changes:

• Enhancement: Added prominent disclosure that Locker Android is collecting installed apps information. (IM-16950)

  NOTE:

  This enhancement was added to address a new Google Play requirement for Locker Android to be more explicit on what it is collecting and sending third party apps installed on a device for troubleshooting purposes.

  The consent permission is now displayed first over the other Locker Android permissions.

• Fixed an issue that Android Locker was sometimes crashing after being upgraded to Android Locker v2.1, an issue that subsequently was blocking users' ability to authenticate into the app (SER-16879, SF 01526068 & 01526117).

  NOTE:

  The issue is not present in Imprivata Locker for iOS.

  This issue is independent of EAM version.

Personalized Folders for Launchpads and Devices

Admins can define smart folders for Launchpads and devices that dynamically populate based on Launchpad or device attributes. Folders are personal to the user so they can quickly access information relevant to them. Admins can quickly deploy to smart folder targets with bulk deploy. The dynamic list can be exported to a CSV file.

Smart Search for Attributes

Smart Search allows users to search-as-you-type when entering attributes.

Mass Deploy Launchpads (MacOS)

Admins can generate auto registration files to distribute and configure the Launchpad client on many Macs with their MDM.

Additional Improvements

• Smart Search for attributes is also available in Automation Rules when using the “Is” or “Is Not” operators

• Automation Rules can now be cloned

• New Dashboard tile for “Devices erased and ready for deployment” shows devices that are ready to be provisioned.

Fixed Issues in MAM 7.1

• Console Admins can again publish workflows to child organizations

• Fixed an issue that would sometimes cause SAML users to see a vague error when their IdP session had timed out

• Launchpad disconnected emails are no longer sent when the Launchpad is reconnected in the specified alert threshold

• Improved the reliability of iOS Updates when performed on several devices concurrently

• IMEIs for connected iOS devices are now shown consistently

• Resolved a Launchpad crash when a Smart Hub is connected to a Mac running macOS 26 Tahoe Beta

• Locker iOS now re-prompts for camera access during face authentication if the camera permission was previously enabled and then disabled

• The Windows Launchpad will no longer crash when the log file destination runs out of storage space

• Resolved an issue that would sometime prevent the Launchpad from relaunching after an upgrade.

Face Recognition Authentication Method for Check Out

Users can now use their face to satisfy multi-factor authentication when checking out a shared device. 

Requires integration with Imprivata Enterprise Access Management and Imprivata appliances running 25.2 (or later) software.

Personalized Lock Screen for Check Out using Live Activities — iOS

This release supports using Live Activities to display the device user on the lock screen. View the name of the person who checked out the device from the Lock Screen.  

Enhanced Console Admin Permissions for Large Organizations

Large organizations with multi-tiered parent-child organizations now have the ability to assign unique roles to an admin identity at different levels of their organization, while configuring SAML identity federation only once. This provides a simple way to configure identity federation with an enterprise identity provider to enforce MFA access to the MAM console. Once authenticated, users can be given the correct level of access for the locations that are relevant to them, while limiting access to locations they are not responsible for.

Imprivata Common UI

The MAM console and the Imprivata Locker apps now share the common Imprivata user interface style.

Additional Improvements

• Express Check Out for Locker iOS is no longer in preview and is the recommended default check out experience.

• Failed standard Check Out workflows now default to a 'Reboot and Check In' On Failure action. This excludes 'Device Remain Plugged In' time outs, and existing workflows are not modified.

• Administrators are no longer required to configure MFA keyboard type for PIN or Password. The Imprivata Locker app now automatically offers the correct user experience based on assigned user policy.

• New customer organizations automatically enforce policy assigned MFA before a checked out device is unlocked. Existing organization can now optionally toggle this behavior to ensure MFA is satisfied. (Grace period remains respected).

• Admin > Team page now offers user search and filter pills.

• User role is now displayed in the user account settings modal.

• Updated MDM names and icons.

• The 'Device Checkout Status' column is automatically added to the Launchpad view when Check Out is enabled for the org.

• The 'Device Checkout Status' field is no longer editable for new organizations. Existing organizations can continue to modify. Additional improvements for 'wandering device' workflows are planned.

• Updated Check In action to clarify the Launch Blank Page option is no longer needed for devices running iOS 18 or higher.

• Disable Local Keychain on Check In prevents users from inadvertently storing passwords on the device. Requires MAM 7.0 Launchpad or later.

• Users are now automatically prevented from autofilling passwords from the device local keychain on iOS devices. Only Locker app is used for password autofill.

• The mouse cursor is now automatically hidden when the macOS launchpad is in End-User display mode.

• Launchpad now supports using a single user identity to register a Launchpad to different levels of a large parent-child organization.

• When displaying MFA, Locker now automatically offers the correct user experience based on assigned user policy.

• Locker Diagnostics now displays the device serial number.

• Added support to enforce the native device passcode on Android.

Fixed Issues

• Resolved an issue that would sometime prevent Launchpads from displaying port numbers for Android devices connected to 8 port hubs

• Resolved an issue that would sometime prevent Launchpads from displaying port numbers for iOS devices connected to Bretford hubs

• Resolved an issue where Bretford 10 Port hubs were displaying as 20 port hubs

• Server generated emails now come from Mobile Access Management.

• Resolved an issue where the Continue button in Locker may not work as expected when MSAL is configured

Lifecycle Updates

• Heartbeat has been deprecated based on customer feedback, with no impact on devices or intelligent device selection.

• Devices on iOS 18 or higher no longer require the option “Launch a blank page before Check In” in the Check In workflow.

• Stay informed on MAM hardware and software certification with our new requirements article.

• iPhone 16e is still in certification, pending MDM partners' update to Automated Device Enrollment (ADE) SkipKeys.

• Based on performance and instability, we have deprecated support for the Apple Devices app for Windows. See this article for supported MobileDevice installation methods.

Launchpad Display for End Users

Launchpad Display provides a visual interface and clear instructions to help an end user check out a device and return it successfully.

Obtaining a phone, and returning it, should be simple and intuitive. Today, MAM relies on a series of beeps and lights to communicate to an end user what is going on at the time a badge is tapped.

The Launchpad Display replaces these with a visual interface providing clear instructions to an end user. Whether a first-time user, or a seasoned user, the display will greatly improve the user experience and get a device into the hands of a user quickly so they can get their day started.

Epic API Server Logout

Formerly Enhanced Epic Rover Logout.

Use the Epic API logout feature to disassociate a user from a device in Epic and prevent push notifications (messages, alerts, or calls) from being sent to the device after check in.

Existing logout functionality (force quit) for Epic apps like Rover closes the app session on the device, but leaves the Epic backend systems unaware that the user no longer has the device. Notifications (without PHI) continue to be sent to the device and appear in the notifications list for the next user. With Epic API Logout integration, MAM communicates directly with Epic environment and prevents unnecessary and confusing audible notifications from being sent. (this should be used in conjunction with the existing ‘force quit’ feature)

Additional Improvements and Fixed Issues

• iOS Express Check Out workflow now supports the ability to set an attribute

• Smart Hub serial numbers have been added to the list view export

• Added a Notes field to automation rules

• Reordering workflows in automation rules with three or more workflows no longer fails

• Devices that are unlocked by Emergency PIN while not connected to a network now check in consistently

• Deleting an MDM that was previously used in an OTA workflow with Android devices is now possible

• OTA Workflows containing enable/disable lost mode for Android can now be saved consistently

• Large image files no longer fail to apply on iPads using the set wallpaper action

• Launchpad no longer intermittently fails to display port numbers on Bretford Smart Hubs running 1.0.4 firmware