Imprivata Strengthens Access and Authentication Management with OneSign 3.5

New provisioning interface, support for non-domain users, SSO for laptop biometric devices and built-on RADIUS host for remote access management extend OneSign’s capabilities

LEXINGTON, MA, October 23, 2006 -- Imprivata®, Inc. today announced the availability of Imprivata OneSign™ 3.5. The new release includes enhancements to its Single Sign-On (SSO) and Authentication Management (AM) modules. In addition to the recently announced Physical/Logical capabilities of the OneSign platform, the enhanced functionality of v3.5 ranges from a new standards-based SPML provisioning interface to a built-in RADIUS host for handling remote users that will help customers simplify access and authentication management while providing stronger, better-integrated security throughout their organizations.

Moffitt Cancer Center, located on the University of South Florida campus, is taking advantage of the new SPML provisioning interface to connect OneSign 3.5 with Moffitt’s provisioning system, AccountCourier from Courion, to strengthen its cross-organization security while ensuring employee productivity. “Imprivata’s OneSign solutions will be instrumental in our organization’s security infrastructure,” said Edward Martinez, VP and chief information officer at Moffitt Cancer Center. “The flexibility of its appliance and the standards-based provisioning interface of OneSign 3.5 allows us to cost-effectively integrate access and authentication management, and enables us to do so without replacing the process our employees are comfortable with and use everyday.”

OneSign 3.5 Enhancements

Imprivata OneSign 3.5 includes several key improvements to the company’s SSO product, helping companies to quickly and cost-effectively solve password management, security and user access issues. Enhancements include:

  • Standards-based SPML Provisioning Interface: Imprivata has created a standards-based SPML interface to allow user provisioning systems to establish and maintain user accounts, applications and credentials within OneSign, eliminating the need to distribute application passwords to end users. This allows an organization to ensure transient and new employees day one productivity. Courion and Fischer International are the first partners to integrate with OneSign 3.5.

  • OneSign Directories: SSO benefits can now be extended to users that exist outside the domain directory, or for organizations that do not utilize a directory at all, thereby extending the security and cost savings offered by OneSign SSO to non-directory users without needing to include and manage them in the corporate directory.

  • Computer-Level Policy Management: In addition to the already flexible and robust capabilities of OneSign, administrators now have the ability to assign OneSign authentication and desktop policies to specific computers - overriding user-level settings. This feature gives each organization greater flexibility over assigning policies, allowing organizations to make exceptions to the rule where needed, such as in a health care organization where patient data needs to be viewable longer on an operating room computer than on a public workstation.

Additional SSO capabilities of OneSign 3.5 include Microsoft Internet Explorer v7 support, anonymous-user login support for applications hosted by a third party vendor via Citrix, enhanced Meditech capabilities, and configurable Xyloc active proximity card settings via the OneSign administrator’s interface, among others.

Enhancements Strengthen Security, Remote Access Authentication Management

Imprivata OneSign Authentication Management (AM) increases network authentication security by replacing passwords with strong authentication options for both Windows and remote access. Enhancements in OneSign 3.5 extend its AM capabilities, including:

  • Built-in RADIUS Host for Remote Access Authentication: This enhancement enables OneSign to handle remote access authentication using passwords or VASCO Digipass One-Time-Password tokens, creating a single administration point and simplifying deployment and token management. This allows organizations to implement stronger network authentication to all users regardless of their location – local or remote.

  • UPEK TouchStrip Sensor Support: In addition to support for UPEK area biometric device readers, OneSign AM now provides the built-in support for the new, lower-cost finger biometric readers that utilize the UPEK TouchStrip sensor, including the swipe readers found on Dell Latitudes and IBM/Lenovo Thinkpad laptops. This enables organizations to enforce strong network authentication, while utilizing their existing laptop or keyboard hardware.

Additional AM capabilities of OneSign 3.5 include combined password and finger biometrics for strong two-factor authentication without the need to purchase another strong authentication option; expanded offline biometric and proximity card authentication as well as emergency access authentication, ensuring greater network security and user convenience without increasing help desk calls due to forgotten cards, badges, or tokens.

“Imprivata’s focus on providing easy-to-use, smart, and affordable security solutions has fueled our market leadership,” said Omar Hussain, president and CEO of Imprivata, Inc. “The new enhancements to the OneSign platform, combined with its recently announced physical/logical capabilities, now enable Imprivata to address all facets of authentication and access management in a single appliance, providing the most convenient and effective solutions for protecting customers from door to desktop.”

OneSign 3.5 Warm Standby Appliance Option

As in the past, Imprivata OneSign is shipped as a redundant appliance pair with built-in failover. Imprivata now offers a Warm Standby appliance option for disaster recovery. The appliance can be kept at an offsite location and is designed to rapidly take over all OneSign services in the event of a disaster. It automatically transfers and restores to itself the most recent backup file from the production pair. The OneSign Agent continues to run offline and returns to online mode automatically when service is restored.

Pricing and Availability

Imprivata OneSign consists of seamlessly integrated authentication management, single sign-on and physical/logical modules, flexibly packaged in an affordable, purpose-built appliance that is easy to implement and maintain -- or each capability can be licensed separately to solve specific security issues. OneSign 3.5 is shipped as an appliance pair with built-in failover and will be available in November 2006. For pricing details, contact

About Imprivata

Imprivata is the enterprise authentication and access management appliance company delivering OneSign -- an easy, smart, and affordable appliance for securing networks, applications, and building/IT access. The OneSign appliance includes OneSign Authentication Management, which increases network security by replacing Windows passwords with strong authentication options; OneSign Single Sign-On, which quickly and effectively solves password management, security and user access issues; and OneSign Physical/Logical, which integrates building and network access systems to enable location-based authentication. For more information, please visit