Administrator Guide
The following OneSign features or actions are supported:
• Client and Broker authentication
• Citrix Virtual Apps (formerly Citrix XenApp)
• Citrix Virtual Apps and Desktops (formerly Citrix XenDesktop)
• VMware View
• Kiosk Mode
• Fast User Switching
• Non-OneSign user VDI access
• Hotkey Disconnect
• Proximity card reader redirection
• Guided Question and Answer login
• Authenticate w/Password
• Authenticate w/Password + Password Change
• Authenticate w/Password + Password Change | New Password is Invalid
• Authenticate w/Proximity Card + Password
• Authenticate w/Proximity Card + Pin
• Authenticate w/Proximity Card + Pin | Pin not enrolled
• Authenticate w/Proximity Card Alone | Retrieve Password
• Retrieve User Identity Password
• Reset User Identity Password
• Update User Identity Password
• Enroll Proximity Card
• Lock/Unlock Terminal with Proximity CardLock/Unlock Terminal with Proximity Card
ThinOS supports latest Imprivata WebAPI version 5. It includes OneSign Objects (WebAPI v4) and Fingerprint Authentication (WebAPI
v5).
Configure objects on Imprivata server
Imprivata WebAPI is updated from version 4 to version 5. The Imprivata WebAPI feature is available on OneSign server 4.9 and later
versions. The configuration objects control different aspects of the client behavior.
Use the following guidelines to configure the objects on Imprivata server:
1. Configuring the General configuration object
a. On the Imprivata server, click Computer policy, and then click General tab.
b. Select the check box to allow users to shut down and restart workstation from lock screen.
NOTE:
Display shut down button and restarts commands to the user on the OneSign GINA.
The following configuration objects are supported on Imprivata server:
• Shutdown Allow
• If you enable this feature by selecting the check box, the shutdown and restart icons are displayed in the ThinOS login
and locked windows.
• If you clear the check box, the shutdown and restart icons are not available.
• FailedOneSignAuth Allow—Only yes or no options are supported. Non-OneSign user can log in to the Broker agent by
clicking No radio button.
• Logging Allow
• When you enable this feature, OneSign logs are displayed on ThinOS. An INI configuration is needed to enable this feature.
• Loglevel=0/1/2/3. The default value is 0. If set to 0, logs are not displayed.
• Display name format—Account name can be shown correctly with different formats in pop-up notifications.
2. Configuring the Walkway configuration object
On the Imprivata server, click Computer policy, and then click the Walk Away tab.
• Key mouse inactivity enabled and behavior—The check box In addition to keyboard and mouse inactivity is not
supported.
• Passive proximity cards
• If you want to use proximity card to lock the computer, select the Tap to lock check box.
• If you want to lock the computer and log in as a different user. Select the Switch users check box.
50
Configuring connectivity