Vendor Management

ImprivataVendor Privileged Access Management (VPAM) enables you to receive secure and remote connections from your vendors to obtain support for your applications. The Vendors section of your VPAM server enables you to organize and manage all your vendors in a single User Interface location.

You can understand Vendors in your VPAM server in two senses:

  • Vendor: A company or organization that provides products or services to you.

  • Vendor Representatives (Vendor Reps): Team members of a company (Vendor).

This page contains information on how to manage your vendors.

Add a New Vendor

If you are a System Administrator, click Add New Vendor on the View Vendors page. Complete the New Vendor Form considering the requested Vendor Information.

View the Server's Vendors List

To view a list of all the Vendors configured in the system, click View Vendors on the Vendors drop-down menu.

To view the details for a single vendor, click View. The Vendor Details page contains the following information about a Vendor:

  • Vendor Information: Vendor name, VPAM department, contact information, Quick Connect access, authentication provider, access forms, and access rules.
    This information is required when you Add a New Vendor.

  • Vendor Representatives: Team members of your vendor who have registered to your VPAM server.

  • Applications: List of applications to which this Vendor and its Vendor Reps have access to.

  • Authorized Domains: The domain that the vendor rep must have to sign in and log in to the applications.

  • Disqualified Addresses: The local part of the address that is disabled to ever signing in and logging in to the applications.

  • Email Notification List: A customizable list of email addresses that receive notifications from your VPAM server.

  • Authentication Requirements: A list of option to increase security for vendor and vendor rep access to your applications.

  • Vendor Networks: A list of customizable networks that are authorized to access your applications.

The following sections contain the available configurations for each section of the Vendor Details page. Edit the details by clicking Edit in the Vendor Details page.

Vendor Information

The vendor information that you can add when adding a new vendor, or modify when editing a vendor is:

Attribute Description
Name The unique name of the Vendor organization.
Department The department in your VPAM server to which the Vendor belongs.
Read the Roles documentation.
Description A short and concise description of who your Vendor is.
Primary Contact The name of the key representative of your Vendor's organization.
Contact Phone The phone number of the key representative of your Vendor's organization.
Contact Email The email address of the key representative of your Vendor's organization.
Allow Quick Connect

A checkbox to provide a Vendor-level access to Quick Connect sessions.

Read the Sessions documentation for more information.
Vendor Connection Form

A drop-down to select the form that a Vendor Rep must complete before initiating a session with the authorized applications.

Read the Custom Forms documentation.
Disable inactive vendor reps after _ days A rule to disable access to Vendor Reps that do not log in to your applications in a specific number of days.
Notes A text box to add notes about the Vendor.
Approval Rules

A list of approval rules for a new Vendor Rep who attempts to log in.
Pre-Approval Message The automated message that your Vendor Rep receives before being granted approval.
Approval Profile

The approval form that the VPAM administrator completes before granting approval to a Vendor Rep.

Read the Approval and Approval Profiles documentation for more information.

The Access Expire rule is always available for editing. Consider the following Access Expire rules:

  • Disable Access Now: Instantly remove access to all Users and Vendor Reps. You can reinstate the access by changing this configuration again.

  • Enable Access for: State a time in hours, days, or weeks for this application to be accessible by Users and Vendor Reps. When the time passes, Access is restricted.

  • Enable Access Until: Set a date and time in which access is open. When the date and time arrive, Access is restricted.

  • Use an Access Schedule: Set the days and time when you open access. The weekly access feature displays when you select this option.

Vendor Representatives

The Vendor Representatives section contains a list of your Vendor's team members that have attempted to sign in or are already approved. This section also displays the status and date when their access expires.

You can add a Vendor Representative directly:

  1. Click New Vendor Rep.

  2. Provide an Email address and Name for the Vendor Rep.

    The domain portion of the email address is restricted to one of this Vendor's Authorized Domains. Add only the local part of the address, without an @ sign.

  3. Add more information to the Vendor Rep like Department, Phone, or Notes.

  4. Click Save.
    The system displays the Vendor Rep details and a note that indicates the registration email has been sent.

If you already have Vendor Reps assigned to this vendor, you can edit and disable specific Vendor Reps:

  1. Click View on the vendor rep account that you want to edit, disable, or delete.

  2. Click Edit.

  3. Click Disable or Delete.
    If a Vendor Rep is already disabled, you can enable them with this process.

Applications

The Applications section lists the Applications that this Vendor and its Vendor Reps can access. Imprivata Vendor Privileged Access Management administrators can change the Applications available to the Vendor by clicking the Edit icon at the top of the Vendor Details page.

Vendor Application Groups

Vendor Application Groups in VPAM enable System Administrators to organize applications and vendor reps into smaller, manageable units within a single Vendor's account. With this feature, System Administrators can organize multiple internal teams that share the same email domain, but perform different functions and require different access to applications within VPAM.

Without Application Groups, all vendor reps of a Vendor can see and be notified about all applications assigned to that Vendor. In environments where multiple teams operate under the same Vendor, this can generate unnecessary notifications being sent to individuals who are not responsible for those applications.

Application Groups solve this by enabling administrators to:

  • Divide applications into logical groups.

  • Assign vendor representatives only to the groups relevant to their responsibilities.

  • Ensure that email notifications and approval requests are sent only to the vendor representatives who have access to the corresponding application.

When paired with the Approval Per Application setting, Application Groups help ensure that notifications are delivered accurately, providing clarity and security for both customers and vendors.

Configure Application Groups by following the steps below:

The Vendor Application Groups are set by inactive by default. Activate the feature with the following steps:

  1. Open the Vendor Detail page of the Vendor you want to edit.

  2. Locate and click the Enable Application Groups setting.
    The system create a default application group where all applications and vendor reps are automatically included.

After you enable Application Groups in a Vendor, you can continue to create application groups that follow your requirements. From the Vendor Details page:

  1. Click New Application Group.

  2. Provide a name and description to the group.

  3. Select the applications that belong to this group.

  4. Save the changes.

Repeat this process as many times as you need. VPAM does not have a limit to the number of Application Groups a vendor can have, but a single application can not belong to two different Application Groups.

To assign Vendor Reps to an Application Group:

  1. Open the Vendor Detail page and locate the Vendor Rep that you want to add to an Application Group.

  2. Edit the Vendor Rep's account.

  3. Select the group or groups to which the representative should belong.

  4. Save the changes.

A Vendor Rep must belong to at least one group at all times.

A Vendor Rep can belong to several Application Groups.

The Approval Per Application configuration forces Vendor Reps to request approval to connect to an application. With this setting, Vendor Reps will only receive notifications and emails from the Application Groups that they belong. Configure the Approval Per Application setting with the following:

  1. Open the Vendor Detail page.

  2. Click Edit.

  3. Locate the Authentication Provider section.

  4. Select Require approval for Vendor Reps per Application based on the Application's Department.

  5. Click Save.

You can also modify this setting at a server level. Read the Passwords and Accounts document.

Authorized Domains

The Authorized Domains section contains a list of the domains that a Vendor Rep must have to access VPAM applications. All Vendor Reps email addresses must be accounts at one of the Authorized Domains for the Vendor. This ensures that the Vendor Reps are still employed by the Vendor, since they will need access to their corporate email in order to log in.

Admins can add or delete domains by clicking New Domain or Delete.

Disqualified Email Addresses

Disqualified email addresses are Vendor email addresses that are not allowed to receive registrations. Vendor Reps may not be created with an email address listed in the Disqualified Addresses section. This helps to prevent log in registrations from being sent to distribution lists and catch-all email addresses.

Admins can add or delete addresses by clicking New Address or Delete.

Email Notification List

The Email Notification List provides addresses for users who handle the Vendor Rep log in authorization when the Allow self registration setting is turned on.

Read the Passwords & Accounts documentation for more information.

Attribute Description
Name The unique name of the Vendor organization.
Department The department in your VPAM server to which the Vendor belongs.
Read the Roles documentation.
Description A short and concise description of who your Vendor is.
Primary Contact The name of the key representative of your Vendor's organization.
Contact Phone The phone number of the key representative of your Vendor's organization.
Contact Email The email address of the key representative of your Vendor's organization.
Allow Quick Connect

A checkbox to provide a Vendor-level access to Quick Connect sessions.

Read the Sessions documentation for more information.
Vendor Connection Form

A drop-down to select the form that a Vendor Rep must complete before initiating a session with the authorized applications.

Read the Custom Forms documentation.
Disable inactive vendor reps after _ days A rule to disable access to Vendor Reps that do not log in to your applications in a specific number of days.
Notes A text box to add notes about the Vendor.
Approval Rules

A list of approval rules for a new Vendor Rep who attempts to log in.
Pre-Approval Message The automated message that your Vendor Rep receives before being granted approval.
Approval Profile

The approval form that the VPAM administrator completes before granting approval to a Vendor Rep.

Read the Approval and Approval Profiles documentation for more information.

When adding a new vendor, you can grant them access to existing applications. Learn more about Applications.