Administrator Guide
2. Unlocking the Virtual Desktop using fingerprint authentication.
• Enable the Imprivata Virtual Channel from the ThinOS Global Connection settings.
• When you lock the virtual desktop in the session, the fingerprint window is displayed automatically.
3. Managing fingerprints on virtual desktop.
• Legend fingerprint management is supported.
• Fingerprint management with Imprivata Confirm ID enabled is not supported. This requires both supervisor and user to finish the
enrollment and it is recommended to use Windows platform to perform this action.
To manage fingerprints, do the following:
a. Right-click the OneSign agent icon on the System tray.
b. Click Manage Fingerprints, and enter the correct credentials in the displayed window to manage your fingerprints.
Enroll proximity card with Imprivata OneSign
Imprivata Proximity Card is a vital component in Imprivata OneSign Authentication Management.
To enroll a proximity card, do the following:
1. Tap the proximity card. The card enrollment page is displayed.
2. Enter the credentials and click OK.
Proximity card is enrolled successfully.
Use smart card as proximity card
You can use a smart card as a proximity card to authenticate the user. When you tap the smart card on the smart card reader, the
Imprivata agent uses the smart card unique serial number as the Unique ID (UID) of the proximity card.
To use a smart card as proximity card, do the following:
1. Log in to the OneSign Administrator console.
2. Go to the Policies page and click Computer Policy.
3. In the Smart card readers section, select the Treat smart card authentications as proximity card authentications check box.
To authenticate the user using a proximity card, connect a supported reader to the thin client. Before you tap the card, ensure that your
card is already enrolled to the user. When you tap your card on the reader, the thin client authenticates the user and starts the VDI
connection.
Configure the Caradigm server
Caradigm Single Sign-on and Context Management (SSO & CM) is the product of the Caradigm Company which provides Single Sign-on
and Context Management Services.
To configure the Caradigm integration on ThinOS, do the following:
1. From the desktop menu, click System Setup, and then click Remote Connections.
The Remote Connections dialog box is displayed.
2. Click the Authentication tab, and then click Caradigm.
a) SSO & CM Server—Enter the IP addresses of the Single Sign-On (SSO) and Context Management (CM) Servers.
b) Default Group Name—Type the name of the default group in the Default Group Name box.
c) Enable logoff remote desktop
• Select the check box to log off the current user from the session before system sign-off.
• Clear the selection to disconnect from the session.
3. Click OK to save the settings.
Configure the Caradigm Vault server
To configure the Caradigm Vault server on ThinOS:
1. From the desktop menu, click System Setup, and then click Remote Connections.
The Remote Connections dialog box is displayed.
2. Click the Authentication tab, click the Caradigm button, enter the IP address of the SSO & CM Server, and then click OK.
3. On the Caradigm Vault Server, use the following guidelines:
• Ensure that the Enroll unenrolled badges option is checked.
• Make sure that all Badge ID mapping entries are deleted.
52
Configuring connectivity