IAFI Terminology Glossary

The IGEL built ProveID Web API agent for Imprivata Enterprise Access Management (EAM) formerly called OneSign and Confirm ID.

• Non-appliance mode experience

• OS11 agent built into firmware

• OS 12 app available in the IGEL App Portal. Allows access to the IGEL desktop and flexible control over user experience and workflows.

• Supports Microsoft AVD apps and desktops (single and multi-session), Windows 365 Cloud PC (Frontline edition also), RDP desktops, Citrix apps and desktops, and Horizon apps and desktop workflows.

• Supports Fast User Switching (FUS) workflows with Citrix, Horizon, or Microsoft AVD

• Supports Kiosk Mode workflows (Epic Only and Virtual Kiosk Type 2 agent)

• Requires Imprivata VDA licensing for automated workflows

• Requires IGEL Agent for Imprivata Workspace Edition add-on license

The Imprivata built Linux agent that is installed on the appliance and is downloaded and installed on an IGEL OS 11 device. This is version dependent on both IGEL OS and Imprivata versions.

• OS 11 Appliance Mode only experience

• No IGEL local desktop access

• Policies and workflows developed and supported by Imprivata

• Requires Imprivata VDA licensing

• Supports Citrix apps and desktops, VMware desktops, and Microsoft RDSH/RDP desktops

• Supports Citrix Fast User Switching (FUS) workflows

In this configuration, IAFI authenticates a user to the Imprivata appliance and then securely logs the user into a local preconfigured session for a supported application.

Only one preconfigured session type is supported at a time (example: AVD).

• Roaming apps or desktop workflows only

• Does not use the Imprivata VDA User or Computer Policy settings to drive the workflow

• Required for Microsoft AVD / Windows 365 Cloud PC workflows

• Can also be used for Citrix apps or desktops, Horizon apps or desktops, or Microsoft RDP desktops

• Requires Imprivata VDA licensing

In this configuration, IAFI uses the Imprivata VDA user and computer policies to automate the workflow. This is similar to how the PIE agent works.

• Requires Imprivata VDA policy setup on the appliance (user and computer)

• Supports the ability to launch a preselected resource based on location (example: bypassing a chooser if you want a specific desktop or app to be launched at that location).

• Supports on-prem Citrix, Horizon, or Microsoft RDP

Imprivata OneSign fast user switching (FUS) is used in shared workstation workflows to allow rapid switching between user identities at the desktop level and the application level.

• For desktop-level FUS, the Windows-based shared workstation or virtual desktop kiosk is configured to automatically authenticate to Windows using generic credentials (i.e. kioskuser/kioskpassword). Users authenticate to Imprivata OneSign (versus having to
  authenticate to Windows) to access the shared Windows desktop which greatly reduces the time to logon.

• For application-level FUS, an application, such as the EHR (ex: Epic), is configured to remain persistent (or “hot”) on a shared workstation. With a lock screen configured, during a desktop-level fast user switch, Imprivata OneSign logs the previous user out of the application and logs the new user in which greatly reduces the time to access the application since it is not restarted during the user change event.

• Application-level FUS can also be configured to support virtualized applications delivered via technologies like Citrix, Horizon, or Microsoft AVD. An example of this would be the Imprivata Epic Only workflow

IAFI supports FUS in multiple modes:

• Desktop-level FUS with a lock screen - aka Imprivata Multi-App Epic workflow

• Application-level FUS - aka Imprivata Epic Only which maps to the IAFI Kiosk Mode configuration

• Virtual Kiosk - Imprivata Type 2 agent - this maps to the IAFI Kiosk Mode configuration

In this configuration, IAFI runs as a service with Imprivata virtual channel support for supported authentication devices. This does not require USB redirection of these devices into the remote session.

• Supported workflows are Imprivata Epic Only and Virtual Kiosks (Type 2 agent)

A method of installing and configuring the Imprivata Windows agent to support private workstation workflows. Also see private workstations.

A method of installing and configuring the Imprivata Windows agent to support shared workstation workflows. Also see shared workstations.

A method of installing and configuring the Imprivata Windows agent to support shared Citrix (Citrix XenApp) servers or Microsoft Terminal Server servers.

Private workstations are commonly used by a single user who requires access to one or more applications for a prolonged period of time. These workstations are typically found in private/physician offices, administration areas, and in specialty areas such as radiology.

Often called kiosks or public workstations, shared workstations are commonly used in areas where many different users require fast access to clinical applications for a limited period of time. These workstations are typically found in patient rooms, exam rooms, nursing stations, and physician documentation areas.

A thin or zero client is an end user computing device that uses a lightweight version of Windows or a non-Windows operating system such as Linux to access virtualized applications and/or desktops.

Virtual desktop infrastructure is a desktop virtualization approach in which a desktop operating system, typically Microsoft Windows, runs and is managed in a data center. The desktop image is delivered over a network to an endpoint device, which allows the user to interact with the OS and its applications as if they were running locally.

Citrix DaaS (formerly Citrix Virtual Apps and Desktops service) provides virtualization solutions that give IT control of virtual machines, applications, and security while providing anywhere access for any device. End users can use applications and desktops independently
of the device’s operating system and interface. (Source: Citrix)

Microsoft’s VDI solution in their Azure cloud data centers, accessible through public internet or private network connections.

Microsoft offering that allows for customers to use on-prem datacenter hardware to access the AVD Windows Multi-Session OS.

Microsoft’s Desktop as a Service (DaaS) solution for business. Subcription-based offering for private workstations.

Microsoft’s Desktop as a Service (DaaS) offering for frontline workers (healthcare, public sector) that allows a 3-1 license model for a more cost effective solution.

Formerly VMware Horizon, Omnissa Horizon is a desktop virtualization software platform that allows multiple users to access and run Microsoft Windows desktops and apps that are installed at a centralized location separate from the devices from which they are being accessed. Earlier versions were referred to as VMware View. Omnissa is a new company created from the sale of VMWare to Broadcom. Omnissa is the End User Computing products and services from the former VMWare.

Traditional Virtual Desktop Infrastructure provisioned on-prem with the management plane consisting of distinct server based roles. Compute and Storage run on the tenant or hosting partner’s datacenter

Example: Citrix desktop and application virtualization, Omnissa Horizon virtual desktops or RDSH apps, Microsoft RDSH

The evolution of traditional VDI where the virtualization management plane is delivered as a service. Elastic compute and storage are offered on consumption basis or through reservation based pricing. An evolutionary advancement in desktop virtualization.

Example: Microsoft Azure Virtual Desktop

Fully managed, subscription-based model for a more consistent user experience similar to a physical PC. A great option for customers looking to outsource their VDI infrastructure.

Example: Microsoft 365 Cloud PC