Healthcare organizations can integrate Imprivata OneSign with Chrome Enterprise to let users sign in to managed ChromeOS devices by tapping their badge, instead of having to enter their username and password.
Requirements
To use ChromeOS devices with Imprivata OneSign, you need:
- ChromeOS or ChromeOS Flex devices—See Features and peripherals table below for version requirements. We recommend that you use devices with an I-class processor and at least 8 GB of RAM.
- Chrome Enterprise Upgrade for each device you want to manage.
- Imprivata OneSign:
- G3 appliance—See Features and peripherals table below for version requirements.
- Authentication Management (AM) licenses.
- Virtual Desktop Access (VDA) licenses.
- Virtual app and desktop solution:
- Citrix Virtual Apps and Desktops version 7.15 or later, or
- VMware Horizon 7.12 or later.
Note: Additional requirements apply if you’re using Virtual App and Desktop Launcher (V-Launcher) to launch virtualized apps or desktops on managed ChromeOS devices. For example, you might want to turn on Fast User Switching (FUS) inside of virtualized electronic health records (EHRs) on ChromeOS devices. See the V-Launcher deployment guide.
What's supported?
Features and peripherals
From October 2024 onwards, we recommend that you use the bundled ChromeOS Imprivata extension. This assures that you do not get Imprivata extension feature updates outside of the ChromeOS rollout cycle, reduces the complexity of your Imprivata setup, and therefore increases its stability. In addition, the bundling of ChromeOS and Imprivata extensions allows for more regular updates as part of regular ChromeOS updates.
Note: The existing pinned Imprivata version 4 extension remains available for now to allow migration at your organization's pace.
| ChromeOS Imprivata integration | v3 | v4 | Bundled with ChromeOS (recommended) | |
|---|---|---|---|---|
| Updates | Continued bug fixes and security updates | ✘ | ✘ | ✔ |
| Requirements | Minimum ChromeOS version | 97 | 118 | 118 |
| Minimum ChromeOS Flex version | 104 | 118 | 118 | |
| Imprivata appliance version |
7.2 SP1 HF4, |
7.2 SP1 HF4, 7.3 HF1, or later |
7.2 SP1 HF4, 7.3 HF1, or later |
|
| Setup types |
Isolated managed guest sessions (Imprivata Type 1: Single user) |
✔ | ✔ | ✔ |
|
Shared managed guest sessions (Imprivata Type 2: Shared kiosk) |
✔ | ✔ | ✔ | |
| User sessions | ✘ | ✔ | ✔ | |
| Modalities | Proximity card (authentication and enrollment) | ✔ | ✔ | ✔ |
| Password✔ (authentication, update, reset) | ✔ | ✔ | ✔ | |
| Security questions (enrollment) | ✔ | ✔ | ✔ | |
| PIN (authentication, update, enrollment) | ✔ | ✔ | ✔ | |
| Workflows | Sign in (single and multi-factor authentication) | ✔ | ✔ | ✔ |
| Lock and unlock (tap in and out) | ✔ | ✔ | ✔ | |
| Switch users (tap over) | ✔ | ✔ | ✔ | |
| Roam between devices | ✔ | ✔ | ✔ | |
| VDI (Citrix) | Autolaunch desktops and apps | ✔ | ✔ | ✔ |
| Manually launch apps from launcher | ✔ | ✔ | ✔ | |
| Virtual channel support | ✔ | ✔ | ✔ | |
| Fast User Switching at the application level, Epic only mode | ✔ | ✔ | ✔ | |
| One-click launch of VDI apps | ✘ | ✔ | ✔ | |
| VDI loading state | ✘ | ✔ | ✔ | |
| VDI (VMWare) | Autolaunch desktops and apps | ✔ | ✔ | ✔ |
| Manually launch apps from launcher | ✔ | ✔ | ✔ | |
| Virtual channel support | ✔ | ✔ | ✔ | |
| Fast User Switching at the application level, Epic only mode | ✔ | ✔ | ✔ | |
| One-click launch of VDI apps | ✘ | ✔ | ✔ | |
| VDI loading state | ✘ | ✔ | ✔ | |
| Web apps | Single sign-on (SSO) into web applications via SAML | ✔ | ✔ | ✔ |
|
Dynamic SSO redirection (ADFS) |
✘ | ✔ | ✔ | |
| Stability | Imprivata appliance failover | ✔ | ✔ | ✔ |
|
Fallback to managed guest sessions |
✘ | ✔ | ✔ | |
| Update policy | ✘ | ✔ | ✔ | |
| Peripherals | rf IDEAS proximity card readers | ✔ | ✔ | ✔ |
| Personal Computer/Smart Card (PC/SC) proximity card readers | ✔ | ✔ | ✔ | |
| MiFare proximity card reader | ✘ | ✔ | ✔ | |
Peripherals
Verified rf IDEAS badge readersSingle frequency 125 kHz.
Models starting with:
- RDR-60 = IMP-60 = IMP-NV60
- RDR-62
- RDR-63
- RDR-64
- RDR-67
- RDR-69
- RDR-6C
- RDR-6E
- RDR-6G
- RDR-6H
- RDR-6N
- RDR-6T
- RDR-6Z
Single frequency 13.56 MHz.
Models starting with:
- RDR-70
- RDR-75 = IMP-75 = IMP-NV75
- RDR-7F
- RDR-7L
Dual frequency 125kHz and 13.56MHz.
Models starting with:
- RDR-805 = IMP-80
- RDR-800 = IMP-82
- RDR-305 = IMP-80-BLE
- RDR-300 = IMP-82-BLE
- RDR-80M (currently not configurable via the Imprivata Admin Console)
KSI
- KSI-1700
- KSI-1900
PC/SC readers require additional configuration steps. For details, see Configure additional features.
- IMP-MFR-75
- HID OMNIKEY 5022
- HID OMNIKEY 5023
- HID OMNIKEY 5025 CL
- HID OMNIKEY 5427 CK
- HID OMNIKEY 5422
- HDW-IMP-MFR75A
Google and related marks and logos are trademarks of Google LLC. All other company and product names are trademarks of the companies with which they are associated.