Enterprise Password AutoFill FAQ

Created: Modified: Knowledge Base

NOTE: This article applies to iOS devices only.

What is Enterprise Password AutoFill?

Imprivata GroundControl Check Out is integrated with Imprivata OneSign to support Password AutoFill for iOS applications and web sites. After checking out an iOS device to a user, the system makes a user’s credentials available to them when needed through Apple’s Enterprise Password AutoFill framework.

For most apps, users will tap the Passwords button above the keyboard. This will present a list of application credentials that will be automatically typed for the user.

Web sites and apps with an associated domain are even easier, and include the correct user credentials as part of the keyboard layout. An associated domain can only be enabled by the app’s vendor, and not Imprivata.

At the end of a shift, GroundControl purges credentials from the phone while checking in and locking down the device.

Is this using Apple’s iCloud?

The AutoFill system will be immediately familiar to many of your users. However Imprivata’s implementation does not require iCloud nor an Apple ID. All credentials are based within the Imprivata appliance already in place at most hospitals.

How do I configure Password AutoFill on my devices?

Password AutoFill requires GroundControl Check Out and Imprivata OneSign. In the GroundControl server console, there are settings for two-factor authentication and keyboard type. In Imprivata OneSign, you’ll load profiles for each app and web site, and deploy these to your user groups.

On each device, after initial provisioning, you’ll enable AutoFill by opening Settings > Passwords > AutoFill Passwords, and then select the Locker app. If you erase or Self Heal your devices, you’ll need to repeat this step. If disabled, Locker will remind your users during Check Out.

Is Two-Factor Authentication (2FA) supported?

2FA is supported for Password AutoFill. It’s determined by Imprivata OneSign’s User Policy settings, including any applicable grace period set in Imprivata OneSign. Users are challenged to enter either their Imprivata PIN or domain/OneSign Password before the first Password AutoFill event.

What apps and web sites will AutoFill?

Imprivata is leveraging Apple’s built-in AutoFill functionality. This feature works with most apps and nearly all websites. For a list of currently tested apps that support AutoFill, visit this page. You can use our Autofill Discovery app to validate if your applications support Password AutoFill.

Can I AutoFill without Imprivata OneSign?

No. Our implementation uses Imprivata OneSign as the identity provider.

Are there any Imprivata OneSign release requirements?

All currently maintained releases of Imprivata OneSign are supported. As on other platforms, your Imprivata OneSign administrator will load and deploy profiles for each iOS app and website. The mobile devices using AutoFill must have access to the same network as the Imprivata appliance.

Can users update their application credentials on iOS? 

Not today. Users will need to update and maintain their passwords via a PC with the Imprivata agent. Similarly, a PC with the Imprivata agent is required to enroll new users.

Any logout capabilities?

Password AutoFill provides only login. Separately, GroundControl supports several ways to log out of apps, including Universal Link Callbacks. These methods require support from the app’s developers.