Skip to main content
Skip table of contents

IGEL Agent for Imprivata (IAFI) Feature Comparison Matrix

Updated:

General Recommendations

  • Use the latest IAFI OS 12 app version as it will contain the newest features, updates, and fixes.

    • You can access the latest IAFI version and release notes on the IGEL App Portal.

  • IGEL OS 11 - as of November 2024, no new IAFI features have been included in OS 11. All new features are with OS 12 only.

  • For Imprivata Windows or ProveID Embedded Agent (PIE), always refer to the latest Imprivata Enterprise Access Management - SSO Supported Components Guide.

NOTE: For any blank features, please contact your IGEL account team to inquire about any future roadmap items.

Imprivata EAM General Features and Workflows

General Features and Workflows

Windows Agent

PIE Agent

(OS 11 only)

IAFI

OS12

IAFI Notes

Appliance Failover

(tick)

(tick)

(tick)

Offline Mode

(tick)

(tick)

 

Self-Service Password Reset

(Agent Dialogs)

(tick)

(tick)

(tick)

For IAFI agents 1.1.1 and lower, use the Imprivata EAM 24.1 branch or older versions. If using the 24.2 branch, use hotfix 2 or higher

NEW - Self-Service Password Reset Web App

(tick)

(tick)

(tick)

The new SSPR Web App experience was introduced in EAM 24.2. IAFI 1.2.0 and higher will use this new SSPR Web App experience and not the Agent Dialogs from prior IAFI versions.

Third-party Self-Service Password Reset

(tick)

(tick)

(tick)

Supported with IAFI 1.2.0 and higher

Non-OneSign User Workflow

(tick)

(tick)

(tick)

Spine Combined Workflow (NHS)

(tick)

(tick)

 

Smartcard as Proximity Card Workflow

(tick)

(tick)

 

Customization Objects (Computer Policy)

(tick)

(tick)

(tick)

Multi-Monitor support

(tick)

(tick)

(tick)

Two monitors only, same resolution and size

Default Domain Setting for Agent login

(tick)

(tick)

(tick)

Configurable Setting for Lock Screen Toggle

(tick)

An optional hotkey that can be configured to toggle the IAFI full lock screen to a compact mode. The default setting is empty. Some example hotkeys: [Esc] or [Esc] + [i]

Primary Authentication Methods (Including Enrollment)

These additional Imprivata Licensed Options for Primary Authentication are NOT supported by IAFI

Primary Authentication Methods

Windows Agent

PIE Agent

OS 11 Only

IAFI

OS 12

IAFI Notes

Password

(tick)

(tick)

(tick)

Face recognition

(tick)

Imprivata Windows Agent feature only. Face Recognition Authentication

Imprivata PIN (Device-bound Passkey)

(tick)

Imprivata Windows Agent feature only. Passwordless Authentication with Device-Bound Passkey

Fingerprint Biometrics

(tick)

(tick)

NOTE: Authentication only, not enrollment

 (tick)

NOTE: Authentication only, not enrollment

IAFI 1.4.0 and higher

Supported readers:

Imprivata IMP-1C

Proximity Card

(tick)

(tick)

(tick)

Supported Prox readers:

  • rfIDeas readers / Imprivata branded models

  • HID Omnikey 5022 CL

  • MFR-75/75A

Security Key (FIDO)

(tick)

(tick)

(tick)  

IAFI 1.3.0 and higher

Supported FIDO readers:

  • rfIDeas readers / Imprivata branded FIDO models

  • HID Omnikey 5022 CL

  • MFR-75/75A

Smart Card using Active Directory Certificate

(tick)

(tick)

 

Smart Card using external certificate

(tick)

External ID Token

(tick)

VASCO OTP Token

(tick)

Question and Answer

(tick)

(tick)

Primary + Second Factor Authentication Workflows

IAFI supports the grace period settings for the Imprivata second factor in the user policy

Second-Factor Authentication Workflows

Windows Agent

PIE Agent

(OS 11 only)

IAFI

OS 12

IAFI Notes

Password + Imprivata ID

(tick)

(tick)

Additional Second factor policy options are not supported.

Fingerprint + Password

(tick)

(tick)

(tick)

IAFI 1.4.0 and higher

Fingerprint + Imprivata PIN

(tick)

(tick)

(tick)

IAFI 1.4.0 and higher

Proximity Card + Password

(tick)

(tick)

(tick)

Proximity Card + Imprivata PIN

(tick)

(tick)

(tick)

Proximity Card + Fingerprint

(tick)

(tick)

(tick)

IAFI 1.4.0 and higher

Proximity Card + Fingerprint or Password

(tick)

(tick)

Proximity Card + Fingerprint or Imprivata PIN

(tick)

(tick)

FIDO Security Key + Password

(tick)

(tick)

IAFI 1.3.0 and higher

FIDO Security Key + Imprivata PIN

(tick)

(tick)

IAFI 1.3.0 and higher

FIDO Security Key + Fingerprint

(tick)

(tick)

IAFI 1.4.0 and higher

FIDO Security Key + Fingerprint or Password

(tick)

FIDO Security Key + Fingerprint or Imprivata PIN

(tick)

Authentication / Reauthentication Methods via Imprivata Virtual Channel

This is to support Imprivata EAM (Confirm ID) reauthentication workflows for EPCS and Clinical Workflows

Authentication / Reauthentication Methods via Virtual Channel

Windows Agent

PIE Agent

(OS 11 Only)

IAFI

OS 12

IAFI Notes

Proximity Card

(tick)

(tick)

(tick)

Smart Card

(tick)

 

 

Security Key (FIDO)

(tick)

 

 

Fingerprint Biometrics

(tick)

(tick)

 

For order signing workflows, you can use USB redirection of a Fingerprint reader until we update IAFI with virtual channel support.

Imprivata Hands Free Authentication

(tick)

(tick)

 

Imprivata ID

(Push Notification)

(tick)

(tick)

Walk-Away Security

This is for support of the Imprivata Computer Policy > Walk-Away Security settings.

Walk-Away Security

Windows Agent

PIE Agent

(OS 11 only)

IAFI

OS 12

IAFI Notes

Honors Lock Command (Hotkey in User Policy Challenges tab)

(tick)

(tick)

(tick)

These are the current supported Hotkey combinations:

  • [SHIFT] + any other key
    [ESC] + any other key
    [HOME] + any other key
    [RIGHT] alone

  • Fn keys either alone or in combination with [SHIFT], [ESC] or [HOME]

    • Example: [F4] or [SHIFT]+[F4]

Fade to Lock Screensaver

(tick)

(tick)

(tick)

Black screensaver only - no fade to lock

Notification Balloon

(tick)

(tick)

(tick)

Secure Walk-Away (via Imprivata BLE Dongle)

(tick)

(tick)

 

Microsoft Workflows

For OS 12, IGEL recommends using the latest IAFI version and the latest Microsoft app versions for AVD, Win 365 Cloud PC, or Remote Desktop

IAFI versions will specify the minimum required Microsoft companion app.

Microsoft Workflows

Windows Agent

PIE Agent (OS 11 only)

IAFI

OS 12

IGEL Agent for Imprivata Configuration Mode

IAFI Notes

Auth Only

Follow Policies

Kiosk

Fast User Switching

AVD Desktops

(Roaming)

(tick)

 

(tick)

(tick)

Manual or auto-launch

AVD Remote Apps

(Roaming)

 

(tick)

(tick)

Manual or auto-launch

Win365 Cloud PCs Enterprise or Frontline (Roaming)

 

(tick)

(tick)

OS 12 only

Manual or auto-launch

Virtual Kiosk for AVD/Win365 Cloud PC - (Non-Roaming)

(tick)

(AVD only)

 

(tick)

(tick)

Imprivata Type 2 agent installed on Windows virtual kiosk

RDS/Remote PC Desktops (Roaming)

(tick)

(tick)

(tick)

(tick)

Only one Remote PC desktop connection is supported in Follow Policies mode.

RDS Applications

(Roaming)

(tick)

(tick)

 

 

Virtual Kiosk for RDS/Remote PC Desktops

(Non-Roaming)

(tick)

 

(tick)

(tick)

Imprivata Type 2 agent installed on Windows virtual kiosk

Virtual Kiosk for RDS Published Apps

(Non-Roaming)

(tick)

 

(tick)

(tick)

Citrix Workflows

For OS 12, IAFI has specific Citrix version requirements for these workflows.

NOTE: IAFI app versions will specify the minimum Citrix companion app.

Citrix Workflows

Windows Agent

PIE Agent (OS 11 only)

IAFI

OS 12

IGEL Agent for Imprivata Configuration Mode

IAFI Notes

Auth Only

Follow Policies

Kiosk

Fast User Switching

Virtual Desktops

(Roaming)

(tick)

(tick)

(tick)

(tick)

(tick)

Manual or auto-launch

Virtual Apps (Roaming)

(tick)

(tick)

(tick)

(tick)

(tick)

Manual or auto-launch

Virtual Kiosk for Citrix Desktops

(Non-Roaming)

(tick)

(tick)

(tick)

(tick)

Imprivata Type 2 agent installed on virtual kiosk

Virtual Kiosk for Published Applications

(Non-Roaming)

(tick)

Epic Only workflow with Type 3 agent on Microsoft Server OS

Citrix Connection Configuration Details (All IAFI configuration modes - Auth Only, Follow Policies, Kiosk, Fast User Switching):

  • Storefront Authentication (Store and Storeweb)

    • HTTPS required

    • The Citrix Store must be configured with the following authentication methods to support connections from IAFI.

      • User name and Password

      • Domain pass-through

      • HTTP Basic

  • When using IAFI in Follow Policies and Fast User Switching (Persistent App workflow), the Imprivata VDA Citrix URL must be the Citrix Storeweb URL. The legacy PNAgent URL is not supported with IAFI.

    • ex: https://citrix.igeldemolab.org/Citrix/StoreWeb

  • When using IAFI in Auth Only or Kiosk Mode, the Citrix Workspace App URL must be the Citrix Store URL

    • ex: https://citrix.igeldemolab.org/Citrix/Store

Troubleshooting Tip for Citrix Storefront connections

  • If you see a double-prompt to reauthenticate after initially logging into the Citrix Workspace App (i.e. IAFI Auth Only mode), check to make sure the Trusted Domain information is consistent across the Citrix environment.

  • IGEL recommends using the FQDN across all of the Citrix environment. The FQDN should also match the domain information that the Imprivata appliance is synching with against Active Directory.

    • ex: Trusted Domain = igeldemolab.org

Omnissa Horizon Workflows

For OS 12, IGEL recommends using the latest IAFI version and the latest Omnissa Horizon app version.

NOTE: IAFI app versions will specify the minimum Omnissa Horizon companion app.

** If using the Horizon NextGen v2 broker, only Workspace ONE is supported as the Horizon IdP. Please review the Omnissa Horizon documentation.

Horizon Workflows

Windows Agent

PIE Agent

(OS 11 only)

IAFI

OS 12

IGEL Agent for Imprivata Configuration Mode

IAFI Notes

Auth Only

Follow Policies

Kiosk

Fast User Switching

Virtual Desktops / on-prem

(Roaming)

(tick)

(tick)

(tick)

(tick)

(tick)

Manual or auto-launch

Virtual Published Applications / on-prem

(Roaming)

(tick)

 

(tick)

(tick)

(tick)

Manual or auto-launch

Virtual Desktops (Cloud)

(tick)

 

(tick)

(tick)

Virtual Published Apps (Cloud)

(tick)

(tick)

(tick)

(tick)

Horizon Cloud Entitlement On-Ramp Broker

(Roaming Desktops or Apps)

(tick)

(tick)

Requires IAFI Auth Only mode

Horizon Cloud Entitlement On-Ramp Broker

(Virtual Kiosk)

(tick)

Horizon Cloud Service / v2 NextGen Broker**

 

(tick)

(tick)

(tick)

Desktops or apps and virtual kiosk with Imprivata Type 2 agent

Virtual Kiosk for Horizon Desktops

(Non-Roaming)

(tick)

(tick)

(tick)

(tick)

Imprivata Type 2 agent installed on virtual kiosk

Virtual Kiosk for Horizon Apps

(Non-Roaming)

(tick)

(tick)

(tick)

Epic Only workflow with Type 3 agent on Microsoft Server OS

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.