IGEL Agent for Imprivata (IAFI) Feature Comparison Matrix
Updated:
General Recommendations
Use the latest IAFI OS 12 app version as it will contain the newest features, updates, and fixes.
You can access the latest IAFI version on the IGEL App Portal.
IGEL OS 11 Firmware - check matrix for specific IAFI version information. Some OS 11 versions may be private builds until we issue a new Rolling Release.
NOTE: Certain features may only be available in the OS 12 app. The matrix will indicate which ones.
For Imprivata Windows or ProveID Embedded Agent (PIE), refer to the latest Imprivata Supported Components Guide.
NOTE: Any IAFI blank features are current roadmap items scheduled for later releases in 2025.
Imprivata EAM General Features and Workflows
General Features and Workflows | Windows Agent | PIE Agent OS 11 only | IAFI OS12 | OS 11.10.210 IAFI v1.1.0 | IAFI Notes |
|---|---|---|---|---|---|
Appliance Failover |
|
|
|
| |
Offline Mode |
|
|
| ||
Self-Service Password Reset (Agent Dialogs) |
|
|
|
| For IAFI agents 1.1.1 and lower, use the Imprivata EAM 24.1 branch or older versions. If using the 24.2 branch, use hotfix 2 or higher |
NEW - Self-Service Password Reset Web App |
|
|
| The new SSPR Web App experience was introduced in EAM 24.2. IAFI 1.2.0 and higher will use this new SSPR Web App experience and not the Agent Dialogs from prior IAFI versions. | |
Third-party Self-Service Password Reset |
|
|
| Supported with IAFI 1.2.0 and higher | |
Non-OneSign User Workflow |
|
|
| ||
Spine Combined Workflow (NHS) |
|
|
| ||
Smartcard as Proximity Card Workflow |
|
|
| ||
Customization Objects (Computer Policy) |
|
|
| ||
Multi-Monitor support |
|
|
|
| Two monitors only, same resolution and size |
Default Domain Setting for Agent login |
|
|
|
| |
Configurable Setting for Lock Screen Toggle |
|
| An optional hotkey that can be configured to toggle the IAFI full lock screen to a compact mode. The default setting is empty. Some example hotkeys: [Esc] or [Esc] + [i] |
Primary Authentication Methods (Including Enrollment)
Additional Imprivata Licensed Options for Primary Authentication NOT Supported by IAFI
IAFI does not support these additional Imprivata licensed options for Primary Authentication:
Fingerprint identification (one-to-many match)
Imprivata ID for Windows access
VASCO OTP token authentication
Primary Authentication Methods | Windows Agent | PIE Agent OS 11 Only | IAFI OS 12 | OS 11.10.210 IAFI v1.1.0 | IAFI Notes |
|---|---|---|---|---|---|
Password |
|
|
|
| |
Proximity Card |
|
|
|
| Supported readers:
|
Smart Card using Active Directory Certificate |
|
|
| ||
Smart Card using external certificate |
| ||||
Security Key (FIDO) |
|
|
| ||
Fingerprint Biometrics |
|
NOTE: Authentication only, not enrollment |
| ||
External ID Token |
| ||||
VASCO OTP Token |
| ||||
Question and Answer |
|
|
Primary + Second Factor Authentication Workflows
IAFI supports the grace period settings for the Imprivata second factor in the user policy
Second-Factor Authentication Workflows | Windows Agent | PIE Agent OS 11 only | IAFI OS 12 | OS 11.10.210 IAFI v1.1.0 | IAFI Notes |
|---|---|---|---|---|---|
Password + Imprivata ID |
|
| |||
Fingerprint + Password |
|
| |||
Fingerprint + Imprivata PIN |
|
| |||
Proximity Card + Password |
|
|
|
| |
Proximity Card + Imprivata PIN |
|
|
|
| |
Proximity Card + Fingerprint |
|
| |||
Proximity Card + Fingerprint or Password |
|
| |||
Proximity Card + Fingerprint or Imprivata PIN |
|
| |||
FIDO Security Key + Password |
| ||||
FIDO Security Key + Imprivata PIN |
| ||||
FIDO Security Key + Fingerprint |
| ||||
FIDO Security Key + Fingerprint or Password |
| ||||
FIDO Security Key + Fingerprint or Imprivata PIN |
|
Authentication / Reauthentication Methods via Imprivata Virtual Channel
Authentication / Reauthentication Methods via Virtual Channel | Windows Agent | PIE Agent OS 11 Only | IAFI OS 12 | OS 11.10.210 IAFI v1.1.0 | IAFI Notes |
|---|---|---|---|---|---|
Proximity Card |
|
|
|
| |
Smart Card |
|
|
|
| |
Security Key (FIDO) |
|
|
|
| |
Fingerprint Biometrics |
|
|
|
| For order signing workflows, you can use USB redirection of a Fingerprint reader until we update IAFI with virtual channel support. |
Imprivata Hands Free Authentication |
|
|
|
|
Walk-Away Security
Walk-Away Security | Windows Agent | PIE Agent | IAFI OS 12 | OS 11.10.210 IAFI v1.1.0 | IAFI Notes |
|---|---|---|---|---|---|
Honors Lock Command (Hotkey in User Policy Challenges tab) |
|
|
|
| These are the current supported Hotkey combinations:
|
Fade to Lock Screensaver |
|
|
|
| Black screensaver only - no fade to lock |
Notification Balloon |
|
|
|
| |
Secure Walk-Away (via Imprivata BLE Dongle) |
|
|
|
|
Microsoft Workflows
For OS 12, IGEL recommends using the latest IAFI version and the latest Microsoft app versions for AVD, Win 365 Cloud PC, or Remote Desktop
IAFI versions will specify the minimum required Microsoft companion app.
Microsoft Workflows | Windows Agent | PIE Agent (OS 11 only) | IAFI OS 12 | OS 11.10.210 IAFI v1.1.0 | IGEL Agent for Imprivata Configuration Mode | IAFI Notes | |||
|---|---|---|---|---|---|---|---|---|---|
Auth Only | Follow Policies | Kiosk | Fast User Switching | ||||||
AVD Desktops (Roaming) |
|
|
|
|
| Manual or auto-launch | |||
AVD Remote Apps (Roaming) |
|
|
|
| Manual or auto-launch | ||||
Win365 Cloud PCs Enterprise or Frontline (Roaming) |
|
|
| OS 12 only Manual or auto-launch | |||||
Virtual Kiosk for AVD/Win365 Cloud PC - (Non-Roaming) |
(AVD only) |
|
|
|
| Imprivata Type 2 agent installed on virtual kiosk | |||
RDS/Remote PC Desktops (Roaming) |
|
|
|
|
| ||||
RDS Applications (Roaming) |
|
|
|
| |||||
Virtual Kiosk for RDS/Remote PC Desktops (Non-Roaming) |
|
|
|
|
| ||||
Virtual Kiosk for RDS Published Apps (Non-Roaming) |
|
|
|
|
| ||||
Citrix Workflows
For OS 12, IAFI has specific Citrix version requirements for these workflows.
IAFI versions will specify the minimum Citrix companion app.
Citrix Workflows | Windows Agent | PIE Agent (OS 11 only) | IAFI OS 12 | OS 11.10.210 IAFI v1.1.0 | IGEL Agent for Imprivata Configuration Mode | IAFI Notes | |||
|---|---|---|---|---|---|---|---|---|---|
Auth Only | Follow Policies | Kiosk | Fast User Switching | ||||||
Virtual Desktops (Roaming) |
|
|
|
|
|
| Manual or auto-launch | ||
Virtual Apps (Roaming) |
|
|
|
|
|
| Manual or uto-launch | ||
Virtual Kiosk for Citrix Desktops (Non-Roaming) |
|
|
|
|
| Imprivata Type 2 agent installed on virtual kiosk | |||
Virtual Kiosk for Published Applications (Non-Roaming) |
| Epic Only workflow with Type 3 agent on Microsoft Server OS | |||||||
Omnissa Horizon Workflows
For OS 12, IGEL recommends using the latest IAFI version and the latest Omnissa Horizon app version.
IAFI versions will specify the minimum Omnissa Horizon companion app.
If using the Horizon NextGen v2 broker, only Workspace ONE is supported as the Horizon IdP. Please review the Omnissa Horizon documentation.
Horizon Workflows | Windows Agent | PIE Agent OS 11 only | IAFI OS 12 | OS 11.10.210 IAFI v1.1.0 | IGEL Agent for Imprivata Configuration Mode | IAFI Notes | |||
|---|---|---|---|---|---|---|---|---|---|
Auth Only | Follow Policies | Kiosk | Fast User Switching | ||||||
Virtual Desktops / on-prem (Roaming) |
|
|
|
|
|
| Manual or auto-launch | ||
Virtual Published Applications / on-prem (Roaming) |
|
|
|
|
|
| Manual or auto-launch | ||
Virtual Desktops (Cloud) |
|
|
|
|
| ||||
Virtual Published Apps (Cloud) |
|
|
|
|
| ||||
Horizon Cloud Service / v2 NextGen Broker |
|
|
|
|
|
| Desktops or apps and virtual kiosk with Imprivata Type 2 agent | ||
Virtual Kiosk for Horizon Desktops (Non-Roaming) |
|
|
|
|
| Imprivata Type 2 agent installed on virtual kiosk | |||
Virtual Kiosk for Horizon Apps (Non-Roaming) |
|
|
|
| Epic Only workflow with Type 3 agent on Microsoft Server OS | ||||