Imprivata OneSign

Imprivata OneSign delivers authentication and access management purpose-built for healthcare and clinical settings. The on-premises platform provides fast, secure sign-ins across shared workstations, applications, and virtual desktops. It supports SSO and authentication workflows tailored to hospitals and integrates with Citrix and VMware for session roaming. Federation is available via SAML 2.0; however, modern protocols like OpenID Connect or OAuth 2.0 are not core capabilities.

Key Capabilities

• Clinical SSO workflows: Captures and replays credentials for Windows and client-server apps to enable rapid user switching and tap-in/tap-out access at shared terminals.

• Authentication management: Supports proximity badges (RFID), smart cards, fingerprint biometrics, and Imprivata Confirm ID for MFA across devices and workstations.

• Virtual desktop & roaming sessions: Seamless roaming between Citrix and VMware Horizon sessions—critical for clinicians moving between patient rooms or departments.

• SAML 2.0 federation: Functions as a SAML Identity Provider for SaaS and web app SSO integrations.

• Centralized policy & auditing: Provides centralized authentication policy control, logging, and HIPAA-aligned compliance reporting.

Limitations

• Protocol coverage: Primarily supports SAML 2.0 for web federation; no confirmed native OpenID Connect/OAuth 2.0 support.

• Deployment model: Fully on-premises or virtual appliance—customers must handle HA, patching, and upgrades; no SaaS edition.

• Healthcare focus: Purpose-built for clinical and shared workstation workflows rather than general enterprise or consumer IAM.

• Provisioning automation: No public documentation of SCIM 2.0 endpoints or lifecycle automation; integration typically requires external IGA tools.

• Integration scope: Broader identity federation or governance often depends on pairing OneSign with other enterprise IdPs.