Planning your return to office strategy? See how Chrome OS can help.

Use Chrome OS devices with Imprivata OneSign

Set up Imprivata OneSign on Chrome devices

For managed Chrome OS devices.

Healthcare organizations can integrate Imprivata OneSign with Chrome Enterprise to let users sign in to managed Chrome devices by tapping their badge, instead of having to enter their username and password.


To use Chrome devices with Imprivata OneSign, you need:

  • Chrome or Neverware CloudReady devices (see table below for version requirements). We recommend that you use devices with an I-class processor and at least 8 GB of RAM.
  • Chrome Enterprise Upgrade for each device you want to manage.
  • Imprivata OneSign:
    • G3 appliance (see table below for version requirements)
    • Authentication Management (AM) licenses
    • Virtual Desktop Access (VDA) licenses
  • Citrix Virtual Apps and Desktops version 7.15 or later

What's supported?

With our latest release, we’ve added the following new features in version 2:

  • Citrix published apps and desktops—Users can use the launcher menu on Chrome OS devices to launch Citrix resources (apps and desktops) that you configured using the Imprivata Admin console.
  • Web SSO—Configure Web SSO to let users be automatically signed in to web applications with their Imprivata identity using SAML when they're using the native Chrome Browser on Chrome devices.
  • Extended proximity card reader support—Added support for IMP-MFR-75 and HID OMNIKEY devices.


Chrome OS Imprivata integration v1 v2
Requirements Minimum Chrome OS version 81 86
Minimum Neverware version 81 89
Imprivata appliance version 7.1 HF1

7.2 SP1 HF4

7.3 HF1 or later

Modalities Proximity card (authentication and enrollment)
Password (authentication, update and reset)
Security questions (enrollment)
PIN (authentication, update, enrollment)
Workflows Sign in (single and multi-factor authentication)
Lock and unlock (tap in and out)
Switch user sessions (tap over)
Roam between devices
Single sign-on into web applications via SAML (Web SSO)
VDI (Citrix) Autolaunch desktops and apps
Manually launch apps on demand from launcher
Virtual channel support
Peripherals rf IDEAS proximity card readers
Personal Computer/Smart Card (PC/SC) proximity card readers
Other Imprivata appliance failover
screen UI customizations

Extension IDs

Extension v1

screen extension ID olnmflhcfkifkgbiegcoabineoknmbjc
In-session extension ID kmhpgpnbglclbaccjjgoioogjlnfgbne
Update URL

Extension v2

Login screen extension ID pmhiabnkkchjeaehcodceadhdpfejmmd
In-session extension ID cjakdianfealdjlapagfagpdpemoppba
Update URL


Verified rf IDEAS badge readers

Single frequency 125 kHz.

Models starting with:

  • RDR-60 = IMP-60 = IMP-NV60
  • RDR-62
  • RDR-63
  • RDR-64
  • RDR-67
  • RDR-69
  • RDR-6C
  • RDR-6E
  • RDR-6G
  • RDR-6H
  • RDR-6N
  • RDR-6T
  • RDR-6Z

Single frequency 13.56 MHz.

Models starting with:

  • RDR-70
  • RDR-75 = IMP-75 = IMP-NV75
  • RDR-7F
  • RDR-7L

Dual frequency 125kHz and 13.56MHz.

Models starting with:

  • RDR-805 = IMP-80
  • RDR-800 = IMP-82
  • RDR-305 = IMP-80-BLE
  • RDR-300 = IMP-82-BLE


  • KSI-1700
  • KSI-1900

PC/SC readers

PC/SC readers require additional configuration steps. For details, see Configure additional features.
  • IMP-MFR-75
  • HID OMNIKEY 5022
  • HID OMNIKEY 5023
  • HID OMNIKEY 5422

Overview of steps

  1. Prepare your rollout
  2. Set policies
  3. (Optional) Configure additional features
  4. Resolve common issues with Imprivata OneSign integration

Related topics

Google and related marks and logos are trademarks of Google LLC. All other company and product names are trademarks of the companies with which they are associated.

Was this helpful?
How can we improve it?
Clear search
Close search
Google apps
Main menu
Search Help Center