Imprivata OneSign Terminology

This topic familiarizes you with Imprivata Admin Console terminology and Imprivata OneSign SSO terminology.

Imprivata Admin Console Terminology

Throughout the user interface and user documentation, these terms have specific meanings:

    Authentication — Users authenticate to networks by identifying themselves and then providing proof of identity in the form of a password, ID token, proximity card, smart card, fingerprint, or Imprivata ID. When the user authenticates to Imprivata OneSign, a secure user session is launched.

    Agent — See Imprivata Agent.

    Imprivata Agent — The Imprivata agent is installed on an endpoint computer or virtual machine; it monitors authentication behavior from user workstations and Citrix servers and periodically uploads the information to the Imprivata server. See About the Imprivata Agent.

    Locked Out — Users are locked out when someone attempts to access an Imprivata OneSign account in violation of the rules set in their corresponding user policy (usually too many successive authentication failures). Locked-out users do not have access to their Imprivata OneSign accounts and do not get access to the network.

    Notifications — Notifications alert administrators of system events. Imprivata OneSign tracks many system events. Imprivata OneSign can send an email with the information, post it to the Imprivata appliance system log, and post it to a predetermined URL. Notifications are not the same as reports; notifications always occur in real time.

    OneSign Directory Domain — A virtual domain created in Imprivata OneSign for the purpose of providing Imprivata OneSign services to, and managing, users who do not have accounts in your corporate directories.

    Provisioning Adaptor — A mapping tool provided with the optional Imprivata OneSign Single Sign-On licensed feature that integrates Imprivata OneSign service with an existing Courion or Fischer user provisioning system. When you de-provision a user through your provisioning system, the user is automatically de-provisioned for all applications monitored through OneSign.

    Refresh Interval — The time interval configured in the Imprivata Admin Console that dictates how frequently a user’s Imprivata agent must check the Imprivata OneSign server for new and updated information, and when the Imprivata agent uploads accumulated audit data to the Imprivata OneSign server.

    Reports — Reports are a quick and easy way to learn about user and computer activity that occurred during a time window that you define when you run the report.

    Roaming session lock — If the computer policy allows it, Imprivata OneSign automatically secures the user's previous workstation when the user opens a new Citrix or RDP session at another workstation. This is also called user roaming.

    Shared Workstation — A kiosk or other workstation shared by multiple users. The Imprivata OneSign workstation agent is designed for fast user switching on these workstations.

    Site — An Imprivata site is part of an Imprivata enterprise that is defined by the IP address ranges of the computers the site serves and by those appliances in an enterprise that are assigned to the site. Imprivata agents can fail over to appliances in other sites in case local appliances are unreachable (this is controllable from the Imprivata Admin Console). A site that is dedicated to disaster recovery can be designated as a hot standby site. For more information, see The Imprivata Site.

    Users — Users are accounts you can include in the Imprivata OneSign system. Any user in any of your domains can become a user (see Imprivata Directory Domain).

    VDI — Virtual Desktop Infrastructure, a technology for desktop virtualization. A remote central server hosts multiple virtual client computers.

    Workstation — A kiosk or other workstation shared by multiple users with different needs. The Imprivata OneSign workstation agent is designed for fast user switching on these terminals. Also called Shared Workstation.

Imprivata OneSign SSO Terminology

These terms are used if you have the optional Single Sign-On licensed feature:

    Applications — Applications can be any resource that requires user authentication. This can include legacy, client/server and web applications, terminal emulators, Java applications, domains, and even web sites that require authentication.

    Application Credentials — Credentials like username, password, or PIN used to access an application (rather than a domain). Applications that require authentication have rules to govern acceptable credentials, their use, and how to change them.

    Application Profile — An XML document that you create with the Imprivata OneSign APG. A profile includes a list of screens that each application might present to a user, and the information that allows the user’s Imprivata agent to recognize each screen and respond to it correctly.

    Application Profile Generator (APG) — Imprivata OneSign needs information about how each application handles authentication and password changes. The APG is a browser-based tool used by the Imprivata Admin Console to automate the learning process.

    Browser-Based Application — A web application or other application hosted on an application server and accessed through a web browser.

    Client/Server Application — See Windows Application.

    Container — A terminal emulator or other program that allows an application to be hosted on a mainframe or a UNIX server and used on a desktop. Containers are required by Host-Based Applications (see below). Imprivata OneSign supports containers that use HLLAPI to access mainframe computers, and supports non-HLLAPI connections to other computers.

    Credential Enrollment Window — A login window that you create in the Imprivata OneSign APG to use with an application that has a difficult credential capture workflow. Users enroll their credentials via the Credential Enrollment Window, then Imprivata OneSign proxies those credentials to authenticate the user to the application.

    Credential Store — A repository of credentials that can be shared by multiple application profiles. Some common deployment settings are stored in a credential store.

    Deploy — To make an application profile available to users’ Imprivata agents. An application is not available for SSO, even if the profile is completed, until the profile is deployed.

    Domain Credentials — Credentials used to access a network domain (rather than an application).

    Enabled/Disabled — Applications can be enabled and disabled for any users. Imprivata OneSign does not provide SSO to disabled applications.

    Enrolled — Users must self-enroll their authentication credentials to the Imprivata OneSign secure database for each of their OneSign-enabled applications and for the password self-services option.

    Focus — A control that has focus is ready to receive mouse or keyboard input. Only one control within one window can have focus at any time. When some applications are launched, the window may not gain focus as expected. In these cases a click or keystroke command is required to activate the screen and bring focus to the right field for credential proxy.

    GDI — GDI is the Graphic Device Interface, a core component of Windows responsible for rendering elements on the screen. In Imprivata OneSign APG usage it is a shorthand term used to refer to non-HLLAPI terminal emulator applications.

    HLLAPI (High Level Language Application Programming Interface) — A terminal emulation standard for Windows applications that interact with IBM series mainframe and Midrange systems. Many terminal emulator applications use the HLLAPI standard when connecting to IBM series systems.

    Host-Based Application — An application hosted on a remote server or mainframe system and accessed via a terminal emulator (see Container). Also includes applications running inside DOS windows on a workstation.

    Hybrid Application — An application that includes some browser-based screens and some client/server screens.

    MDI (Multiple Document Interface) — An application type that employs multiple child screens within a single primary application window.

    Password Policy — Imprivata OneSign supports automated generation of passwords when an application requires a password change. Auto-generated passwords can be configured to meet application-specific criteria including character type and minimum length.

    Web-to-Host Application — A thin-client terminal application that connects to a host-based server through a web server.

    Windows Application — In Imprivata OneSign terminology, all client/server, Java, and other non-browser-based, non-host-based applications are Windows applications (compare with Browser-Based Application and Host-Based Application).