What's New in Imprivata Mobile Access Management
Imprivata Mobile Access Management 7.4 contains the following new features and technology updates.
New Features
Automatic Badge Reader Configuration
Launchpads can now automatically configure supported badge readers using the settings from the EAM computer policy. This eliminates the previous requirement to pre-configure readers with an EAM workstation.
Badge readers, including the embedded reader in the Smart Hub Display Base, are ready to use immediately upon connection. For more information, see Automatic Badge Reader Configuration.
Epic Rover Witness Authentication Using Facial Recognition
Secondary users can now complete Epic Rover witness (“dual sign”) workflows on shared MAM devices using facial authentication through the Imprivata Hybrid Identity Provider (IdP). Witnesses can securely authenticate and complete sign-off without manually entering credentials.
Accelerates witness-required workflows by reducing authentication delays during medication administration and other clinical tasks. Clinicians can complete required sign-offs more efficiently without disrupting patient care or relying on shared credentials. For more information, see Epic Rover Witness Authentication.
Requires Imprivata appliances running EAM 26.2 or later.
Depleted Battery Workflow for Mac Launchpads
Mac Launchpads now support a depleted battery workflow that helps clear passcodes over USB when devices become unavailable due to a discharged battery.
Reduces device downtime by enabling the seamless checkin of devices returned to a Smart Hub with a depleted battery, eliminating the need for Force Recovery or other manual intervention by IT technicians. For more information, see Check In Devices with Depleted Batteries.
Additional Enhancements
Server
The Locker app version is now displayed in device details, activity log, and device export, and is available for use with Smart Folders and automation rule criteria.
Launchpad
The Launchpad End-user Display now supports localization including Spanish.
Locker
Locker iOS 4.4 and Locker Android 2.4 now supports localization including Spanish.
Fixed Issues
Server 7.4
-
For increased security, API keys are now partially obscured after creation.
-
Improved the Device is unpaired Dashboard tile to more accurately include devices in an unpaired state.
-
Improved the accuracy of the Users with more than one device Device Home Dashboard tile.
-
Express Checkout now initiates a reboot and check-in after a failure, even when it is not the first workflow in a chained workflow automation.
-
Fixed an issue that could cause Check Out to fail with the message: "
Checkout Failed: The Checkout feature is not properly configured, no workflow is specified." -
The Marketing Name for iPhone 17e is now displayed properly.
Launchpad 7.4
-
OTA Workflows now resolve Launchpad attribute tokens (for example, [Department]) for devices that are not currently connected to a Launchpad, by using the values from the Launchpad the device was last connected to. This resolves a case where bulk OTA deployments such as 'Set Device Home to [Department]' produced the literal string on unpaired devices
Locker iOS 4.4 and Locker Android 2.4
-
Personalized Lock Screen now re-activates when opening Locker if dismissed or closed.
-
Personalized Lock Screen now activates properly when a device is checked out with Username.
-
Fixed an issue that prevented the "
This device is locked" message from appearing on the Check Out with Credentials screen on Spectralink and Zebra devices.
Ecosystem Qualifications
-
Globo Connect for iOS
-
AMSConnect for iOS
-
AirStrip One for iOS
Lifecycle Updates
-
Support has ended for iOS 18.5 and below, starting with Imprivata Locker 4.2.1.
For questions or comments about this release, contact the Product Management and Product Marketing teams at mobile@imprivata.com.
Previous Releases
Features and fixed issues from previous releases.
Imprivata has released MAM server version 7.3.3 which includes bug fixes to address platform stability. This release is distributed to shared MAM server clusters only.
MAM 7.3.3 addressed server resource contention and exhaustion issues when large amounts of deployment activity coincide with background processes.
MAM 7.3.2 Server contains a fix that addresses API integration issues with Jamf Pro MDM.
MAM Server 7.3.2 now uses Jamf Pro API v2 for Jamf MDM commands, including Clear Passcode and Lost Mode actions. This improves compatibility with current Jamf Pro versions where Classic API mobile device command behavior has changed. The new behavior is enabled by default regardless of Jamf Pro version.
MAM 7.3.1 Server and Launchpad contain bug fixes designed to address key issues including an issue with iOS device passcode clearing that can result in check in failures.
-
Resolves checkin failures on passcode-locked devices by adding a Launchpad capability to detect when a passcode is set but the device is not locked.
-
Resolves an issue that could cause Launchpad to hang and prevent it from being restarted from the server.
Locker SSO - Locker iOS 4.3
The Imprivata Locker iOS app can now perform passwordless single sign on into apps that support OIDC, like Epic Rover1. Locker SSO makes the end user app login experience even simpler than Password Autofill and requires zero training. Unlike Password Autofill, Locker SSO does not require any manual configuration on the device by either an IT technician or user.
Device Home Dashboard
Simplified view for department managers to view the status of their devices.
The real-time Device Home Dashboard is purpose built for non-IT staff and offers an easy to understand view to show:
-
How many devices are available for check out
-
Who has which device
-
How long they have had the device
-
Where they returned the device
-
Which users have overdue devices
Face Authentication for Epic Rover
Face Authentication for Epic Rover lets users skip the typing and login directly to the app with their face. This configuration allows devices to be deployed without requiring a device level passcode, while still offering high assurance to IT that data is protected.
Frequent re-authentication throughout the day is intuitive and secure. Users can enroll their face once and use on any shared device.
Personalized Lock Screen - iOS
The Personalized Lock Screen is more customizable and shows additional important information. The Personalized Lock Screen feature now allows IT Admins to customize the name format for user privacy, display up to four additional location or device attributes, and even optionally display the time left before the device must be returned.
This update helps drive user accountability and encourages devices to be returned on time and to the correct location. This also replaces the need to apply static location wallpapers and is fully compatible with MAM’s Express Check Out workflow.
Launchpad Multi-Language Support - German
The Launchpad Display for End-users now supports localization, including German.
Additional Improvements
MAM Server
-
New “Out of Service” attribute allows a MAM admin to exclude a device from all automation rules, to take a device out of circulation for technician attention.
-
New 'Department Manager' user role can be automatically assigned to newly auto-created SAML users.
-
The Launchpad page now displays when a Launchpad is out of sync with server configuration and requires a restart.
-
Server now automatically sends a 'Sync' command to Microsoft Intune after the clear passcode command is sent to improve timeliness and reliability.
-
The MAM console DEP tab has been renamed to Supervision Identities and now lists the expiration date of the supervision identity certificate used to connect to iOS devices.
-
Users can now generate a supervision identity on the MAM server before registering the first Launchpad. Registering a first Launchpad continues to generate a supervision identity automatically, if performed first.
-
When configuring MAM to connect to an Epic environment the MAM admin is now emailed the JWK URL used to authenticate to their Epic environment.
-
When configuring MAM to connect to an Epic environment, the Epic environments list view now has an option to copy JWK URL. Applies to Epic May 2026 and later.
-
For devices configured for Microsoft Shared Device Mode, activity logs now show when SDM is detected and when MSAL reports logout is successful.
Imprivata Locker iOS 4.3 and Locker Android 2.3
-
Locker Diagnostics now displays when Microsoft Shared Device Mode is detected or not detected
-
Locker now detects during check out if a previous Shared Device Mode user was not logged out successfully and prevents the check out from proceeding. When using standard check out workflow, admins are encouraged to follow standard workflows and use the ‘Reboot and Check In’ configuration to remediate the device.
-
Admins can now hide the '
You need to configure...Password Autofill' prompt from displaying during check out with the Locker Custom Option "HidePasswordAutoFillPrompt" set to "true". Applies to iOS devices only.
Fixed Issues
Server 7.3
-
Server now distributes LP daily restarts (30 per minute) evenly, rather than in batches per minute.
-
Fixed an issue where the Smart Hub Display would sometimes show a previous user’s name when returning a device unlocked by Emergency Unlock PIN.
-
Fixed an issue that prevented Audit Log from displaying long entries correctly.
Launchpad 7.3
-
Fixed an issue the prevented wallpapers from being correctly scaled for certain device types.
Imprivata Locker iOS 4.3 and Locker Android 2.3
-
Resolved an issue that could sometimes lead to a previous user’s username being shown during Microsoft MSAL login.
-
Resolved an issue when check in is configured with no app logouts that could result in Locker appearing locked but user is still able to exit.
Ecosystem Qualifications
-
AngelEye Health MilkTracker
-
Everbridge 360 iOS app
Reboot & Check In for Express Checkout
Automatically remediates unhealthy iOS devices during express checkout, restoring them to a reliable state before the next use. A zero-touch process ensures a consistent user experience while saving admins time and reducing operational overhead. Reboot & Check In for Express Checkout is automatically enabled in any Express Checkout workflow.
Restart Smart Hub
Remotely restart Smart Hubs from the MAM console, enabling admins to take action, ensuring Smart Hubs remain responsive and connected. Smart Hubs can be restarted individually or as part of a scheduled Launchpad Restart for efficient, coordinated maintenance.
Only supported for Launchpads running 7.2 and later.
Additional Improvements
MAM Server 7.2
-
Added support for delegated permissions for the Graph API (Microsoft Intune)
-
"More info" links in the MAM console redirect to Imprivata’s new documentation portal
Imprivata Locker iOS 4.2 and Locker Android 2.2
-
Added support for German language (iOS only)
-
Updated the SDK for Microsoft Authentication Library (MSAL)
Fixed Issues
MAM Server 7.2
-
Configuring Epic API Logout now requires setting up the non-production environment first
-
Admins with long email addresses now display correctly on the Admin > Teams tab
-
Email alerts for disconnected Launchpads no longer send before the specified "Notify me" time
-
The Checkout Status of an overdue device now updates to Overdue automatically, without refreshing the page
-
Smart Folders now display the correct number of devices when adding or editing a folder
-
Dropdown menus with long values now wrap properly on the Automation tab
-
Fixed an issue where the Serial Number of a Smart Hub was sometimes missing from Launchpad exports
-
Fixed an issue where multiple IPSW downloads appeared on the Launchpad details page
Imprivata Locker iOS 4.2 and Locker Android 2.2
-
Fixed an issue where the message "Imprivata PIN is not enrolled" was not displayed when expected
-
Fixed an issue where mobile enrollment could fail if the network connection was lost during enrollment
Launchpad 7.2
-
Fixed an issue where the "Launchpad has been upgraded" banner was not being displayed
-
Fixed an issue where a Launchpad could become unregistered under certain conditions
Ecosystem Qualifications
-
Added support for iOS 26
-
Added support for macOS 26
-
Added support for Android 16
Locker Android 2.1 HF4 was released on October 27, 2025.
This hotfix contained the following changes:
-
Fix for Critical Alarm notifications are not displayed on Spectralink devices during regular undocked use. (SER-16987, IM-17259)
Locker Android 2.1 HF3 was released on September 26, 2025.
This hotfix contained the following changes:
-
Enhancement: Added prominent disclosure that Locker Android is collecting installed apps information. (IM-16950)
NOTE:This enhancement was added to address a new Google Play requirement for Locker Android to be more explicit on what it is collecting and sending third party apps installed on a device for troubleshooting purposes.
The consent permission is now displayed first over the other Locker Android permissions.
-
Fixed an issue that Android Locker was sometimes crashing after being upgraded to Android Locker v2.1, an issue that subsequently was blocking users' ability to authenticate into the app (SER-16879, SF 01526068 & 01526117).
NOTE:The issue is not present in Imprivata Locker for iOS.
This issue is independent of EAM version.
Personalized Folders for Launchpads and Devices
Admins can define smart folders for Launchpads and devices that dynamically populate based on Launchpad or device attributes. Folders are personal to the user so they can quickly access information relevant to them. Admins can quickly deploy to smart folder targets with bulk deploy. The dynamic list can be exported to a CSV file.
Smart Search for Attributes
Smart Search allows users to search-as-you-type when entering attributes.
Mass Deploy Launchpads (MacOS)
Admins can generate auto registration files to distribute and configure the Launchpad client on many Macs with their MDM.
Additional Improvements
-
Smart Search for attributes is also available in Automation Rules when using the “Is” or “Is Not” operators
-
Automation Rules can now be cloned
-
New Dashboard tile for “Devices erased and ready for deployment” shows devices that are ready to be provisioned.
Fixed Issues in MAM 7.1
-
Console Admins can again publish workflows to child organizations
-
Fixed an issue that would sometimes cause SAML users to see a vague error when their IdP session had timed out
-
Launchpad disconnected emails are no longer sent when the Launchpad is reconnected in the specified alert threshold
-
Improved the reliability of iOS Updates when performed on several devices concurrently
-
IMEIs for connected iOS devices are now shown consistently
-
Resolved a Launchpad crash when a Smart Hub is connected to a Mac running macOS 26 Tahoe Beta
-
Locker iOS 4.1 now re-prompts for camera access during face authentication if the camera permission was previously enabled and then disabled
-
The Windows Launchpad will no longer crash when the log file destination runs out of storage space
-
Resolved an issue that would sometime prevent the Launchpad from relaunching after an upgrade.
Face Recognition Authentication Method for Check Out
Users can now use their face to satisfy multi-factor authentication when checking out a shared device.
Requires integration with Imprivata Enterprise Access Management and Imprivata appliances running 25.2 (or later) software.
Personalized Lock Screen for Check Out using Live Activities — iOS
This release supports using Live Activities to display the device user on the lock screen. View the name of the person who checked out the device from the Lock Screen.
Enhanced Console Admin Permissions for Large Organizations
Large organizations with multi-tiered parent-child organizations now have the ability to assign unique roles to an admin identity at different levels of their organization, while configuring SAML identity federation only once. This provides a simple way to configure identity federation with an enterprise identity provider to enforce MFA access to the MAM console. Once authenticated, users can be given the correct level of access for the locations that are relevant to them, while limiting access to locations they are not responsible for.
Imprivata Common UI
The MAM console and the Imprivata Locker apps now share the common Imprivata user interface style.
Additional Improvements
-
Express Check Out for Locker iOS is no longer in preview and is the recommended default check out experience.
-
Failed standard Check Out workflows now default to a 'Reboot and Check In' On Failure action. This excludes 'Device Remain Plugged In' time outs, and existing workflows are not modified.
-
Administrators are no longer required to configure MFA keyboard type for PIN or Password. The Imprivata Locker app now automatically offers the correct user experience based on assigned user policy.
-
New customer organizations automatically enforce policy assigned MFA before a checked out device is unlocked. Existing organization can now optionally toggle this behavior to ensure MFA is satisfied. (Grace period remains respected).
-
Admin > Team page now offers user search and filter pills.
-
User role is now displayed in the user account settings modal.
-
Updated MDM names and icons.
-
The 'Device Checkout Status' column is automatically added to the Launchpad view when Check Out is enabled for the org.
-
The 'Device Checkout Status' field is no longer editable for new organizations. Existing organizations can continue to modify. Additional improvements for 'wandering device' workflows are planned.
-
Updated Check In action to clarify the Launch Blank Page option is no longer needed for devices running iOS 18 or later.
-
Disable Local Keychain on Check In prevents users from inadvertently storing passwords on the device. Requires MAM 7.0 Launchpad or later.
-
Users are now automatically prevented from autofilling passwords from the device local keychain on iOS devices. Only Locker app is used for password autofill.
-
The mouse cursor is now automatically hidden when the macOS launchpad is in End-User display mode.
-
Launchpad now supports using a single user identity to register a Launchpad to different levels of a large parent-child organization.
-
When displaying MFA, Locker now automatically offers the correct user experience based on assigned user policy.
-
Locker Diagnostics now displays the device serial number.
-
Added support to enforce the native device passcode on Android.
Fixed Issues
-
Resolved an issue that would sometime prevent Launchpads from displaying port numbers for Android devices connected to 8 port hubs
-
Resolved an issue that would sometime prevent Launchpads from displaying port numbers for iOS devices connected to Bretford hubs
-
Resolved an issue where Bretford 10 Port hubs were displaying as 20 port hubs
-
Server generated emails now come from Mobile Access Management.
-
Resolved an issue where the Continue button in Locker may not work as expected when MSAL is configured
Lifecycle Updates
-
Heartbeat has been deprecated based on customer feedback, with no impact on devices or intelligent device selection.
-
Devices on iOS 18 and later no longer require the option “Launch a blank page before Check In” in the Check In workflow.
-
Stay informed on MAM hardware and software certification with our new requirements article.
-
iPhone 16e is still in certification, pending MDM partners' update to Automated Device Enrollment (ADE) SkipKeys.
-
Based on performance and instability, we have deprecated support for the Apple Devices app for Windows. See this article for supported MobileDevice installation methods.