Healthcare organizations can integrate Imprivata OneSign with Chrome Enterprise to let users sign in to managed ChromeOS devices by tapping their badge, instead of having to enter their username and password.
Requirements
To use ChromeOS devices with Imprivata OneSign, you need:
- ChromeOS or ChromeOS Flex devices—See Features and peripherals table below for version requirements. We recommend that you use devices with an I-class processor and at least 8 GB of RAM.
- Chrome Enterprise Upgrade for each device you want to manage.
- Imprivata OneSign:
- G3 appliance—See Features and peripherals table below for version requirements.
- Authentication Management (AM) licenses.
- Virtual Desktop Access (VDA) licenses.
- Virtual app and desktop solution:
- Citrix Virtual Apps and Desktops version 7.15 or later, or
- VMware Horizon 7.12 or later.
Note: Additional requirements apply if you’re using Virtual App and Desktop Launcher (V-Launcher) to launch virtualized apps or desktops on managed ChromeOS devices. For example, you might want to turn on Fast User Switching (FUS) inside of virtualized electronic health records (EHRs) on ChromeOS devices. See the V-Launcher deployment guide.
What's supported?
With our latest release, we’ve added the following new features in ChromeOS Imprivata integration version 4:
- Support for user sessions on assigned devices—User sessions allow users to personalize their experience, for example using monitor and keyboard settings on their assigned devices. They also streamline user access to services such as Chrome sync and Google Workspace. By using Imprivata version 4 for authentication to user sessions on assigned devices, you can offer the same user experience as shared devices that run managed guest sessions. Read about user sessions and managed guest sessions.
- Workflow enhancements
- One-click launch of virtual desktop infrastructure (VDI) apps—For one-click launch, you can pin a specific virtualized app, in most cases the EHR virtualization, to the shelf.
- VDI loading state—Users have full transparency about the loading progress of their launched VDI resources. Loading errors are handled proactively.
- Internationalization
-
12 supported languages—Arabic, Danish, Dutch, Finnish, English, French, German, Italian, Norwegian (Bokmål), Portuguese, Spanish, Swedish.
- NHS Spine Platform support—UK customers can use Spine ticket support and virtual Spine smartcard support.
-
- Simplified deployment—You can use the Google Admin console to access logs and receive remote support, facilitating your initial deployment and offering ongoing support.
- Enhanced stability—We reduce load to the Imprivata appliance, allow a fallback to managed guest sessions in case of Imprivata appliance outages, and have added additional update policies.
- Maintenance—The Imprivata version 4 extension is built on Manifest V3. We recommend that you update the Imprivata extension to version 4 before Manifest V2 stops working for extensions. Read about Manifest V2 support timeline.
Features and peripherals
ChromeOS Imprivata integration | v1 | v2 | v3 | v4 | |
---|---|---|---|---|---|
Requirements | Minimum ChromeOS version | 81 | 86 | 97 | 118 |
Minimum ChromeOS Flex version | 81 | 89 | 104 | 118 | |
Imprivata appliance version |
7.1 HF1 |
7.2 SP1 HF4, |
7.2 SP1 HF4, |
7.2 SP1 HF4, 7.3 HF1, or later |
|
Setup types |
Isolated managed guest sessions (Imprivata Type 1: Single user) |
✔ | ✔ | ✔ | ✔ |
Shared managed guest sessions (Imprivata Type 2: Shared kiosk) |
✘ | ✘ | ✔ | ✔ | |
User sessions | ✘ | ✘ | ✘ | ✔ | |
Modalities | Proximity card (authentication and enrollment) | ✔ | ✔ | ✔ | ✔ |
Password (authentication, update, reset) | ✔ | ✔ | ✔ | ✔ | |
Security questions (enrollment) | ✔ | ✔ | ✔ | ✔ | |
PIN (authentication, update, enrollment) | ✔ | ✔ | ✔ | ✔ | |
Workflows | Sign in (single and multi-factor authentication) | ✔ | ✔ | ✔ | ✔ |
Lock and unlock (tap in and out) | ✔ | ✔ | ✔ | ✔ | |
Switch users (tap over) | ✔ | ✔ | ✔ | ✔ | |
Roam between devices | ✔ | ✔ | ✔ | ✔ | |
VDI (Citrix) | Autolaunch desktops and apps | ✔ | ✔ | ✔ | ✔ |
Manually launch apps from launcher | ✘ | ✔ | ✔ | ✔ | |
Virtual channel support | ✔ | ✔ | ✔ | ✔ | |
Fast User Switching at the application level, Epic only mode | ✘ | ✘ | ✔ | ✔ | |
One-click launch of VDI apps | ✘ | ✘ | ✘ | ✔ | |
VDI loading state | ✘ | ✘ | ✘ | ✔ | |
VDI (VMWare) | Autolaunch desktops and apps | ✘ | ✘ | ✔ | ✔ |
Manually launch apps from launcher | ✘ | ✘ | ✔ | ✔ | |
Virtual channel support | ✘ | ✘ | ✔ | ✔ | |
Fast User Switching at the application level, Epic only mode | ✘ | ✘ | ✔ | ✔ | |
One-click launch of VDI apps | ✘ | ✘ | ✘ | ✔ | |
VDI loading state | ✘ | ✘ | ✘ | ✔ | |
Web apps | Single sign-on (SSO) into web applications via SAML | ✘ | ✔ | ✔ | ✔ |
Dynamic SSO redirection (ADFS) |
✘ | ✘ | ✘ | ✔ | |
Stability | Imprivata appliance failover | ✔ | ✔ | ✔ | ✔ |
Fallback to managed guest sessions |
✘ | ✘ | ✘ | ✔ | |
Update policy | ✘ | ✘ | ✘ | ✔ | |
Peripherals | rf IDEAS proximity card readers | ✔ | ✔ | ✔ | ✔ |
Personal Computer/Smart Card (PC/SC) proximity card readers | ✘ | ✔ | ✔ | ✔ | |
MiFare proximity card reader | ✘ | ✘ | ✘ | ✔ |
Peripherals
Verified rf IDEAS badge readersSingle frequency 125 kHz.
Models starting with:
- RDR-60 = IMP-60 = IMP-NV60
- RDR-62
- RDR-63
- RDR-64
- RDR-67
- RDR-69
- RDR-6C
- RDR-6E
- RDR-6G
- RDR-6H
- RDR-6N
- RDR-6T
- RDR-6Z
Single frequency 13.56 MHz.
Models starting with:
- RDR-70
- RDR-75 = IMP-75 = IMP-NV75
- RDR-7F
- RDR-7L
Dual frequency 125kHz and 13.56MHz.
Models starting with:
- RDR-805 = IMP-80
- RDR-800 = IMP-82
- RDR-305 = IMP-80-BLE
- RDR-300 = IMP-82-BLE
- RDR-80M (currently not configurable via the Imprivata Admin Console)
KSI
- KSI-1700
- KSI-1900
PC/SC readers require additional configuration steps. For details, see Configure additional features.
- IMP-MFR-75
- HID OMNIKEY 5022
- HID OMNIKEY 5023
- HID OMNIKEY 5025 CL
- HID OMNIKEY 5427 CK
- HID OMNIKEY 5422
- HDW-IMP-MFR75A
Google and related marks and logos are trademarks of Google LLC. All other company and product names are trademarks of the companies with which they are associated.