Configuring Imprivata MDA as App Authenticator

This procedure describes how to use Imprivata MDA as your app authenticator.

Before you begin

  1. Create an app policy with the Imprivata MDA app configured. Enable the Manage app configuration toggle with one sign server address added.
  2. You must have a valid directory service configured in SOTI MobiControl. These credentials verify the features each user can access on the shared device.
  3. If a device has a Lockdown profile applied, configure Imprivata MDA as a Lockdown item. Failure to do so can result in authentication conflicts with Imprivata MDA.

About this task

To assign Imprivata MDA as app authenticator:

Procedure

  1. In the Groups tree, right-click the group you want to apply shared devices to, then select Advanced Configurations.
  2. Select Android Plus from the Device Type dropdown menu, then select Shared Device from the list of advanced configurations. The Shared Device panel appears.
    Figure: Shared Device screen with the Enable Shared Device toggle selected and Imprivata MDA highlighted in the Single sign-on authenticator app dropdown.
  3. In the Shared Device panel, select the Enable Shared Device toggle.
  4. In the Single Sign-on authenticator app dropdown, choose Imprivata MDA.
    Note: The following limitations apply:
    1. Blacklisting Imprivata MDA with an ARC profile hides Imprivata when a user attempts to log in. The log displays "Device is Pending authenticator app installation."
    2. Whitelisting any application (for example, YouTube or Chrome) uninstalls or hides Imprivata, and the user remains logged in on the Agent. If the user tries to log out from the Agent, they get the following error: "Device is Pending authenticator app installation."
    3. Logging into a locked NFC-enabled device with an access card will not work.
    4. Use passcodes on devices connected to a VPN. Only Imprivata users can log in.
    5. An LDAP Directory Service is necessary when using Imprivata MDA as the app authenticator.