Use ChromeOS devices with Imprivata OneSign

Set up Imprivata OneSign on ChromeOS devices

For managed ChromeOS devices.

Healthcare organizations can integrate Imprivata OneSign with Chrome Enterprise to let users sign in to managed ChromeOS devices by tapping their badge, instead of having to enter their username and password.

Requirements

To use ChromeOS devices with Imprivata OneSign, you need:

  • ChromeOS or ChromeOS Flex devices—See Features and peripherals table below for version requirements. We recommend that you use devices with an I-class processor and at least 8 GB of RAM.
  • Chrome Enterprise Upgrade for each device you want to manage.
  • Imprivata OneSign:
    • G3 appliance—See Features and peripherals table below for version requirements.
    • Authentication Management (AM) licenses.
    • Virtual Desktop Access (VDA) licenses.
  • Virtual app and desktop solution:
    • Citrix Virtual Apps and Desktops version 7.15 or later, or
    • VMware Horizon 7.12 or later.

Note: Additional requirements apply if you’re using Virtual App and Desktop Launcher (V-Launcher) to launch virtualized apps or desktops on managed ChromeOS devices. For example, you might want to turn on Fast User Switching (FUS) inside of virtualized electronic health records (EHRs) on ChromeOS devices. See the V-Launcher deployment guide.

What's supported?

Features and peripherals

From October 2024 onwards, we recommend that you use the bundled ChromeOS Imprivata extension. This assures that you do not get Imprivata extension feature updates outside of the ChromeOS rollout cycle, reduces the complexity of your Imprivata setup, and therefore increases its stability. In addition, the bundling of ChromeOS and Imprivata extensions allows for more regular updates as part of regular ChromeOS updates.

Note: The existing pinned Imprivata version 4 extension remains available for now to allow migration at your organization's pace.
 

ChromeOS Imprivata integration v3 v4 Bundled with ChromeOS (recommended)
Updates Continued bug fixes and security updates
Requirements Minimum ChromeOS version 97 118 118
Minimum ChromeOS Flex version 104 118 118
Imprivata appliance version

7.2 SP1 HF4,
7.3 HF1,
or later

7.2 SP1 HF4,
7.3 HF1,
or later
7.2 SP1 HF4,
7.3 HF1,
or later
Setup types

Isolated managed guest sessions

(Imprivata Type 1: Single user)

Shared managed guest sessions

(Imprivata Type 2: Shared kiosk)

User sessions
Modalities Proximity card (authentication and enrollment)
Password (authentication, update, reset)
Security questions (enrollment)
PIN (authentication, update, enrollment)
Workflows Sign in (single and multi-factor authentication)
Lock and unlock (tap in and out)
Switch users (tap over)
Roam between devices
VDI (Citrix) Autolaunch desktops and apps
Manually launch apps from launcher
Virtual channel support
Fast User Switching at the application level, Epic only mode
One-click launch of VDI apps
VDI loading state
VDI (VMWare) Autolaunch desktops and apps
Manually launch apps from launcher
Virtual channel support
Fast User Switching at the application level, Epic only mode
One-click launch of VDI apps
VDI loading state
Web apps Single sign-on (SSO) into web applications via SAML

Dynamic SSO redirection (ADFS)

Stability Imprivata appliance failover

Fallback to managed guest sessions

Update policy
Peripherals rf IDEAS proximity card readers
Personal Computer/Smart Card (PC/SC) proximity card readers
MiFare proximity card reader

Peripherals

Verified rf IDEAS badge readers

Single frequency 125 kHz.

Models starting with:

  • RDR-60 = IMP-60 = IMP-NV60
  • RDR-62
  • RDR-63
  • RDR-64
  • RDR-67
  • RDR-69
  • RDR-6C
  • RDR-6E
  • RDR-6G
  • RDR-6H
  • RDR-6N
  • RDR-6T
  • RDR-6Z

Single frequency 13.56 MHz.

Models starting with:

  • RDR-70
  • RDR-75 = IMP-75 = IMP-NV75
  • RDR-7F
  • RDR-7L

Dual frequency 125kHz and 13.56MHz.

Models starting with:

  • RDR-805 = IMP-80
  • RDR-800 = IMP-82
  • RDR-305 = IMP-80-BLE
  • RDR-300 = IMP-82-BLE
  • RDR-80M (currently not configurable via the Imprivata Admin Console)

KSI

  • KSI-1700
  • KSI-1900
PC/SC readers

PC/SC readers require additional configuration steps. For details, see Configure additional features.

  • IMP-MFR-75
  • HID OMNIKEY 5022
  • HID OMNIKEY 5023
  • HID OMNIKEY 5025 CL
  • HID OMNIKEY 5427 CK
  • HID OMNIKEY 5422
MiFare readers
  • HDW-IMP-MFR75A

Google and related marks and logos are trademarks of Google LLC. All other company and product names are trademarks of the companies with which they are associated.

Was this helpful?

How can we improve it?
Search
Clear search
Close search
Google apps
Main menu
15177492844412826538
true
Search Help Center
true
true
true
true
true
410864
false
false