Difference between revisions of "Imprivata"

From NComputing Knowledge Base
Line 26: Line 26:
 
* '''Start service.''' This is the master switch to use the Imprivata functionality. To use Imprivata OneSign SSO, switch it to "on".
 
* '''Start service.''' This is the master switch to use the Imprivata functionality. To use Imprivata OneSign SSO, switch it to "on".
 
* '''Host.''' The DNS host name or IP address of the Imprivata appliance.
 
* '''Host.''' The DNS host name or IP address of the Imprivata appliance.
* '''Name of connection to launch.''' The actual connection name that the Imprivata module will start upon successful authentication. Be careful - check for typos, missing or too many spaces.  
+
* '''Name of connection to launch.''' The actual [[connection]] name that the Imprivata module will start upon successful authentication. Be careful - check for typos, missing or too many spaces.  
 
* '''Log level.''' By default this is set to "none" to indicate no logging is desired. In case you run into problems or when directed by any vendor's support engineers, switch it to "debug".  
 
* '''Log level.''' By default this is set to "none" to indicate no logging is desired. In case you run into problems or when directed by any vendor's support engineers, switch it to "debug".  
 
* '''Verify certificates.''' Denotes if NoTouch should check certificates. By default this is on.  
 
* '''Verify certificates.''' Denotes if NoTouch should check certificates. By default this is on.  
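Review bot: on the changed "Name of connection to launch" line, the new [[connection]] link helps, but the warning that follows is still vague ("check for typos, missing or too many spaces") and the line keeps its trailing space. Suggest saying outright that the value has to be the name given to the connection created in NoTouch, and dropping the trailing whitespace while the line is being touched.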

Revision as of 14:11, 19 August 2016

Imprivata OneSign Single Sign-On (SSO) is a supported login method in NoTouch Desktop. To use Imprivata, you need a working and configured Imprivata appliance. Like Imprivata itself, NoTouch supports different authentication methods, among them contactless proximity cards and simple password authentication. Imprivata support is available in Stratodesk NoTouch -EEsi- type OS images and requires NoTouch Center 4.2.58 or later.

Basic functionality introduction

NoTouch contains a client-side software module that consumes the Imprivata API that is provided by the appliance. The client-side software module drives proximity card readers (if any), communicates with the user, verifies credentials with the Imprivata appliance and finally starts a connection, such as Citrix or VMware View.

It can handle the password and RFID/proximity card authentication methods as defined in your Imprivata appliance. Configuration on the NoTouch side is easy, since you only need to set how to connect to your Imprivata appliance and a few very basic settings.

Get going with NoTouch and Imprivata

  1. Make sure your Imprivata appliance is configured and running
  2. Create and configure a connection in NoTouch. Give it a descriptive name (you will need to enter that name into the Imprivata parameters). Make sure the connection works by first testing it without Imprivata.
  3. Go to the Imprivata configuration parameters in NoTouch (as described in the next section) and configure at least these three values:
    • Set "Start service" to "on"
    • Let "Host" point to the Imprivata appliance
    • Set the name of the connection to launch
    • You may also want to switch off certificate validation, at least in lab environments
  4. Get the CA root certificate of the Imprivata appliance and add it to your NoTouch environment as described here: Certificates
    • The root certificate used to sign the SSL certificates can be downloaded from the Imprivata Admin Console. On the SSL tab of the Security page, click the link "Click here to download the certificate of this CA" and download the file ssoCA.cer.

Imprivata configuration

The Imprivata parameters are part of the Services parameter. Navigate to the Services tab and look for "Imprivata". There you will find these parameters:

  • Start service. This is the master switch to use the Imprivata functionality. To use Imprivata OneSign SSO, switch it to "on".
  • Host. The DNS host name or IP address of the Imprivata appliance.
  • Name of connection to launch. The actual connection name that the Imprivata module will start upon successful authentication. Be careful - check for typos, missing or too many spaces.
  • Log level. By default this is set to "none" to indicate no logging is desired. In case you run into problems or when directed by any vendor's support engineers, switch it to "debug".
  • Verify certificates. Denotes if NoTouch should check certificates. By default this is on.
  • Tapping mode. With this parameter you can specify what should happen if the user taps the proximity card while a session is established:
    • None. This setting denotes that nothing should happen.
    • Close running connection. This setting disconnects the user.
    • Close running connection and allow user switch. Like the setting above, this disconnects the user, but it also allows login to begin for a different card. Use this if you want one user to be able to disconnect another one.
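
A pre-deployment check for the parameters listed above, written as an added example; it is not NoTouch or Imprivata code. The dictionary layout, the "on"/"off" value spelling and the treatment of the connection name as an exact match are assumptions, and the sample values are constructed.

```python
import difflib
import ipaddress
import re

# Keys are the parameter labels on this page; dict layout and "on"/"off" values are assumed.
HOSTNAME = re.compile(r"^(?=.{1,253}$)([A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)*"
                      r"[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?$")

def valid_host(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return bool(HOSTNAME.match(host))

def check_connection_name(name, configured):
    """Problems with 'Name of connection to launch'; only an exact match passes (assumed)."""
    if name in configured:
        return []
    squeezed = " ".join(name.split())
    for real in configured:
        if squeezed == " ".join(real.split()):
            return [f"whitespace differs from configured connection {real!r}"]
        if squeezed.lower() == " ".join(real.split()).lower():
            return [f"case differs from configured connection {real!r}"]
    near = difflib.get_close_matches(name, configured, n=1, cutoff=0.8)
    hint = f"; did you mean {near[0]!r}?" if near else ""
    return [f"no connection named {name!r}{hint}"]

def lint(params, configured):
    findings = []
    if params.get("Start service") != "on":
        findings.append("Start service is not on: Imprivata login is disabled")
    if not valid_host(params.get("Host", "")):
        findings.append("Host is not a DNS host name or IP address")
    findings += check_connection_name(params.get("Name of connection to launch", ""), configured)
    if params.get("Verify certificates", "on") != "on":
        findings.append("Verify certificates is off: NoTouch will not check certificates (default is on)")
    if params.get("Log level", "none") == "debug":
        findings.append("Log level is debug (default is none)")
    return findings

# Constructed sample values, not taken from a real deployment.
SAMPLE = {"Start service": "on", "Host": "onesign.example.test", "Log level": "debug",
          "Name of connection to launch": "Citrix  Desktop ", "Verify certificates": "off"}
CONNECTIONS = ["Citrix Desktop", "VMware View"]

if __name__ == "__main__":
    for finding in lint(SAMPLE, CONNECTIONS):
        print("-", finding)
```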