This appliance-based solution does just what its name suggests. A capability such as single sign-on must be robustly managed, and Imprivata provides for this with its dedicated appliance and associated agents, which reside on the user’s workstation.
The 1U appliance is a sturdy, if rather noisy, device. Its initial configuration is straightforward, supported by a two-line facia display, an on-board administrator guide and its own manual, as well as a handy A3-sized set-up flyer.
The idea is that two identical appliances would be used in a typical deployment, one being a failover device connected by a LAN crossover cable. Additional conveniently sized and clearly presented printed manuals provide the administrator with everything they need to know.
The Imprivata agents take care of things at the client end and allow for user authentication via passwords, tokens or biometrics. Two Upek Touch Chip capacitive fingerprint readers were supplied, and are typical of the sort of biometric devices that might be used in a corporate environment.
Application and user profiles are stored on the OneSign Server appliance, from where the agents download required credentials at initial log on, then communicate periodically with the server to catch any changes. The user may then be automatically logged on to any application that requires authentication. This can also take place remotely via a VPN if desired, to support mobile users.
An application profile generator helps setting up the relevant applications, and security policies can be set to enforce rules.
Using a dedicated appliance-based server can have distinct advantages for larger enterprises and Imprivata enhances this by ensuring compatibility with a wide range of infrastructures, protocols and devices.
This is a user authentication system for those who take such matters seriously and need an enterprise-wide solution that is both robust and user friendly.