Single Sign On for the Admin Console

Imprivata enables Single Sign On access to your Enterprise Access Management Admin Console, and other Imprivata Admin Consoles, all from access.imprivata.com, powered by the Imprivata Cloud Platform.

Secure Connection to Imprivata Cloud Platform

Configure the secure connection between your Imprivata Enterprise Access Management appliance and the Imprivata Cloud Platform. To confirm whether this connection is complete, on the Enterprise Access Management Admin Console, see the Status panel on the right-hand side. Look for a green checkmark icon for Access Management integration.

Setup Wizard

Contact Imprivata Services. Services will create a Cloud Tenant for your enterprise, and send a Welcome email with a link to the Cloud Tenant Setup wizard. Click the link in the email and follow the wizard to complete the secure connection.

Before You Begin

  • You need a PNG, JPG, or GIF of your organization logo (200 x 100 pixels or smaller, max 100KB).

  • You need access to your Enterprise Access Management Admin Console.

Wizarding Steps

The setup wizard leads you through the following steps:

  1. Agree to the Data Processing Addendum.

  2. In the Enterprise Access Management Admin Console, go to the gear icon > Imprivata Access Management integrations.

  3. On the Imprivata Access Management integration page, you will see the following status message: Unable to verify integration. Unable to connect to Imprivata Access Management.

    On this page, copy the Enterprise integration ID to your clipboard.

  4. In the Cloud Tenant Setup Wizard, paste the Enterprise integration ID.

  5. Click Create integration token and then Copy integration token.

  6. In the Enterprise Access Management Admin Console, on the Imprivata Access Management integration page, paste the integration token, and click Integrate.

  7. To enable SSO to the Imprivata Control Center using your SAML IdP (e.g., Entra ID, Okta, Ping ID), select Administrator console single sign-on using SAML before you leave this page.

  8. Copy the Imprivata SP metadata URL and provide it to your IdP.

    NOTE:
    • Sign On URL: https://access.imprivata.com

    • Logout URL: copy your ACS URL, and replace /saml2/acs with /saml2/slo/redirect

    • Recommended: Configure Group ID (rather than group name) as the source attribute for group claims.

  9. Enter your IdP's SAML metadata in the wizard.

  10. Configure the groups that identify users with administrative access.

  11. Add your organization's business email address, user-facing name, and logo.
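The Logout URL rule in the note under step 8 can be applied programmatically instead of by hand-editing, which avoids a mistyped path in the IdP configuration. The following is an added example, not Imprivata code: it assumes the ACS URL is read from the AssertionConsumerService element of the SP metadata (standard SAML 2.0 metadata), and the host, tenant path, and entityID in the sample are constructed placeholders.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

MD_NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata"}
ACS_SUFFIX = "/saml2/acs"           # path segment named on this page
SLO_SUFFIX = "/saml2/slo/redirect"  # replacement named on this page

# Constructed sample SP metadata; entityID, host and tenant path are placeholders.
SAMPLE_SP_METADATA = """\
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
                     entityID="https://sp.example.invalid/saml2">
  <md:SPSSODescriptor
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AssertionConsumerService index="0" isDefault="true"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://sp.example.invalid/tenant-placeholder/saml2/acs"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>
"""


def acs_urls(metadata_xml: str) -> list[str]:
    """Return every AssertionConsumerService Location in the SP metadata."""
    root = ET.fromstring(metadata_xml)
    nodes = root.findall(
        ".//md:SPSSODescriptor/md:AssertionConsumerService", MD_NS
    )
    return [n.attrib["Location"] for n in nodes if "Location" in n.attrib]


def logout_url_from_acs(acs_url: str) -> str:
    """Replace a trailing /saml2/acs with /saml2/slo/redirect.

    Only the end of the path is rewritten, so a tenant path that happens to
    contain the same segment earlier is left untouched. Non-https or
    unexpected URLs are rejected rather than silently passed to the IdP.
    """
    parts = urlsplit(acs_url)
    if parts.scheme != "https" or not parts.netloc:
        raise ValueError(f"ACS URL must be an absolute https URL: {acs_url!r}")
    if not parts.path.endswith(ACS_SUFFIX):
        raise ValueError(f"ACS URL path does not end with {ACS_SUFFIX}: {acs_url!r}")
    new_path = parts.path[: -len(ACS_SUFFIX)] + SLO_SUFFIX
    return parts._replace(path=new_path).geturl()


if __name__ == "__main__":
    for acs in acs_urls(SAMPLE_SP_METADATA):
        print("ACS URL:   ", acs)
        print("Logout URL:", logout_url_from_acs(acs))
```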

Stopping and Restarting This Connection

You can stop and restart this connection for the whole enterprise from any Imprivata Appliance Console, or on an appliance-by-appliance basis. The two statuses for the connection are Running or Disabled (stopped).

  1. In the Imprivata Appliance Console, go to System > Operations > Imprivata Cloud Connect.

  2. Imprivata Cloud Connect status is either Running or Disabled (stopped).

  3. Select Stop/restart options.

  4. Select from:

    • Stop Imprivata Cloud Connect on this appliance

    • Restart Imprivata Cloud Connect on this appliance

    • Stop Imprivata Cloud Connect on all appliances

    • Restart Imprivata Cloud Connect on all appliances

      NOTE:

      In this context, "Restart" means "start this stopped connection" and also "restart this connection that is already running".

  5. Click Go.

Expected Workflow

  1. In your browser, go to the Imprivata Control Center at access.imprivata.com

  2. Enter a username you associated with administrator access.

    The Imprivata Cloud Platform uses the administrator domain to locate your tenant in the cloud.

  3. The IdP you configured above launches the authentication workflow for this user.

  4. After you successfully authenticate, your Imprivata Control Center opens. Click Launch to open the Enterprise Access Management Admin Console without further authentication. If you have any other Imprivata products configured (and this user has access), their admin consoles are also available to launch from this page.