Vendor Management

Imprivata Vendor Privileged Access Management (VPAM) enables you to receive secure and remote connections from your vendors to obtain support for your applications. The Vendors section of your VPAM server enables you to organize and manage all your vendors in a single User Interface location.

You can understand Vendors in your VPAM server in two senses:

  • Vendor: A company or organization that provides products or services to you.

  • Vendor Representatives (Vendor Reps): Team members of a company (Vendor).

This page contains information on how to manage your vendors.

View Vendors and Vendor Details

To view a list of all the Vendors configured in the system, click View Vendors on the Vendors drop-down menu.

To view the details for a single vendor, click View. The Vendor Details page contains the following information about a Vendor:

  • Vendor Information: Vendor name, VPAM department, contact information, Quick Connect access, authentication provider, access forms, and access rules.

  • Vendor Representatives: Team members of your vendor who have registered to your VPAM server.

  • Applications: List of applications to which this Vendor and its Vendor Reps have access to.

  • Authorized Domains: The domain that the vendor rep must have to sign in and log in to the applications.

  • Disqualified Addresses: The local part of the address that is disabled to ever signing in and logging in to the applications.

  • Email Notification List: A customizable list of email addresses that receive notifications from your VPAM server.

  • Authentication Requirements: A list of option to increase security for vendor and vendor rep access to your applications.

  • Vendor Networks: A list of customizable networks that are authorized to access your applications.

The following sections contain the available configurations for each section of the Vendor Details page. Edit the details by clicking Edit in the Vendor Details page.

The vendor information that you can add when creating a new vendor, or modify when editing a vendor is:

Attribute Description
Name The unique name of the Vendor organization.
Department The department in your VPAM server to which the Vendor belongs.
Read the Roles section of the System Admin Guide for more information.
Description A short and concise description of who your Vendor is.
Primary Contact The name of the key representative of your Vendor's organization.
Contact Phone The phone number of the key representative of your Vendor's organization.
Contact Email The email address of the key representative of your Vendor's organization.
Allow Quick Connect

A checkbox to provide a Vendor-level access to Quick Connect sessions.

Read the Sessions documentation for more information.
Vendor Connection Form

A drop-down to select the form that a Vendor Rep must complete before initiating a session with the authorized applications.

Read the Vendor Connection Form section of the Settings document for System Admins for more information.
Disable inactive vendor reps after _ days A rule to disable access to Vendor Reps that do not log in to your applications in a specific number of days.
Notes A text box to add notes about the Vendor.
Approval Rules

A list of approval rules for a new Vendor Rep who attempts to log in.
Pre-Approval Message The automated message that your Vendor Rep receives before being granted approval.
Approval Profile

The approval form that the VPAM administrator completes before granting approval to a Vendor Rep.

Read the Approval section of the Settings document for System Admins for more information.

The Access Expire rule is always available for editing. Consider the following Access Expire rules:

  • Disable Access Now: Instantly remove access to all Users and Vendor Reps. You can reinstate the access by changing this configuration again.

  • Enable Access for: State a time in hours, days, or weeks for this application to be accessible by Users and Vendor Reps. When the time passes, Access is restricted.

  • Enable Access Until: Set a date and time in which access is open. When the date and time arrive, Access is restricted.

  • Use an Access Schedule: Set the days and time when you open access. The weekly access feature displays when you select this option.

The Vendor Representatives section contains a list of your Vendor's team members that have attempted to sign in or are already approved. This section also displays the status and date when their access expires.

You can add a Vendor Representative directly:

  1. Click New Vendor Rep.

  2. Provide an Email address and Name for the Vendor Rep.

    The domain portion of the email address is restricted to one of this Vendor's Authorized Domains. Add only the local part of the address, without an @ sign.

  3. Add more information to the Vendor Rep like Department, Phone, or Notes.

  4. Click Save.
    The system displays the Vendor Rep details and a note that indicates the registration email has been sent.

If you already have Vendor Reps assigned to this vendor, you can edit and disable specific Vendor Reps:

  1. Click View on the vendor rep account that you want to edit, disable, or delete.

  2. Click Edit.

  3. Click Disable or Delete.
    If a Vendor Rep is already disabled, you can enable them with this process.

The Applications section lists the Applications that this Vendor and its Vendor Reps can access. Imprivata Vendor Privileged Access Management administrators can change the Applications available to the Vendor by clicking the Edit icon at the top of the Vendor Details page.

The Application Groups section lists the Application Groups defined for this Vendor. An Application Group allows the Imprivata Vendor Privileged Access Management administrators and Vendor Admins to configure which Vendor Reps have access to which Applications within the Vendor.

Initially, Application Groups are disabled for the Vendor. They can be enabled by clicking Enable Application Groups. You can disable the feature and revert the Vendor to the previous behavior, preserving the Application Groups you may have configured before, in case you wish to re-enable the feature later.

The first time you enable Application Groups, you will need to create an initial, default Application Group. This group will contain all Applications and Vendor Reps in the vendor. You can edit it later.

After the feature is enabled, Applications Groups available to the Vendor can be added by clicking Add New Application Group, and can be edited or deleted from the same page by clicking Edit or Delete in the Actions column.

You can also select a new group to be the default. There must be exactly one default group at all times.

Each Vendor Rep and each Application within the Vendor must belong to at least one Application Group at all times. Vendor Reps can only access Applications within the Application Groups they belong. Newly added Applications will be placed in the default Application Group. Individual Vendor Rep access can be configured from the Vendor Rep Edit page.

For Nexus Vendors, you need to have Vendor Rep Approval enabled in order to enable Application Groups.

The Authorized Domains section contains a list of the domains that a Vendor Rep must have to access VPAM applications. All Vendor Reps email addresses must be accounts at one of the Authorized Domains for the Vendor. This ensures that the Vendor Reps are still employed by the Vendor, since they will need access to their corporate email in order to log in.

Admins can add or delete domains by clicking New Domain or Delete.

Disqualified email addresses are Vendor email addresses that are not allowed to receive registrations. Vendor Reps may not be created with an email address listed in the Disqualified Addresses section. This helps to prevent log in registrations from being sent to distribution lists and catch-all email addresses.

Admins can add or delete addresses by clicking New Address or Delete.

The Email Notification List provides addresses for users who handle the Vendor Rep log in authorization when the Allow self registration setting is turned on.

Read the Vendor Representative Settings in the Passwords & Accounts section of the System Admin Guide for more information on self registration.

Add a New Vendor

If you are an Admin user, click Add New Vendor on the View Vendors page. Complete the New Vendor Form considering the following:

Attribute Description
Name The unique name of the Vendor organization.
Department The department in your VPAM server to which the Vendor belongs.
Read the Roles section of the System Admin Guide for more information.
Description A short and concise description of who your Vendor is.
Primary Contact The name of the key representative of your Vendor's organization.
Contact Phone The phone number of the key representative of your Vendor's organization.
Contact Email The email address of the key representative of your Vendor's organization.
Allow Quick Connect

A checkbox to provide a Vendor-level access to Quick Connect sessions.

Read the Sessions documentation for more information.
Vendor Connection Form

A drop-down to select the form that a Vendor Rep must complete before initiating a session with the authorized applications.

Read the Vendor Connection Form section of the Settings document for System Admins for more information.
Disable inactive vendor reps after _ days A rule to disable access to Vendor Reps that do not log in to your applications in a specific number of days.
Notes A text box to add notes about the Vendor.
Approval Rules

A list of approval rules for a new Vendor Rep who attempts to log in.
Pre-Approval Message The automated message that your Vendor Rep receives before being granted approval.
Approval Profile

The approval form that the VPAM administrator completes before granting approval to a Vendor Rep.

Read the Approval section of the Settings document for System Admins for more information.

When adding a new vendor, you can grant them access to existing applications. Learn more about Applications.