Imprivata Overview
Last Updated: May 21, 2026
Vasion integrates with Imprivata Enterprise Access Management (EAM) to enable badge-based secure release printing on a multifunction printer (MFP) in healthcare environments. This integration resolves an identity continuity problem specific to shared clinical workstations, where print jobs are otherwise attributed to the machine rather than the authenticated user.
Key Points
The following are important things to know about the Imprivata integration:
- Clinicians badge in at the MFP using an rf IDEAS proximity badge reader to release only their own print jobs.
- Both shared kiosk workstations (Imprivata Type 2) and standard workstations (Imprivata Type 1) are supported.
- Badge readers must be rf IDEAS models 800 or 805, operating in HID keyboard emulation mode, with IDs sent as hexadecimal numbers.
- This integration supports Windows operating system (OS) devices in Vasion Now and Scheduled Release SaaS (SRS) environments.
- An LDAP domain connection with Identity Sync is required to pull Active Directory users into the Vasion database before the Imprivata integration can authenticate them. The LDAP connection is used only for the user sync, and is not used for ongoing authentication. After users are synced, all authentication communication occurs through the Imprivata IdP connection.
How It Works
In healthcare environments, clinical staff often authenticate at shared kiosk workstations using an Imprivata badge. Because the underlying Windows session uses a generic service account, Vasion Print would ordinarily attribute print jobs to the computer name rather than to the individual user. This means that when a clinician badges in at the MFP to release their jobs, no jobs appear.
The Imprivata integration relies on three connected components working together. First, an LDAP domain connection with Identity Sync is required to pull Active Directory users into the Vasion database before the Imprivata integration can authenticate them. The LDAP connection is used only for the user sync, and is not used for ongoing authentication. After users are synced, all authentication communication occurs through the Imprivata IdP connection. When Imprivata authenticates a user, it returns a user ID that Vasion matches to the corresponding Active Directory user already in the database.
The integration resolves identity attribution at two points:
- At the workstation: The Vasion Client detects the Imprivata Agent running on the workstation and queries the ProveID SDK to identify the currently authenticated user. The Client passes that identity to the Service Client, which tags all print jobs created during the session with the user's username.
- At the MFP: When a clinician taps their badge on the rf IDEAS reader, the CPA sends the badge credential to the customer's Imprivata instance via the ProveID Web API. The appliance returns the corresponding username. The CPA then matches that username to queued print jobs and displays only that user's jobs for release.
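The release-side matching described above, as an added sketch that is not Vasion or Imprivata code. `resolve_username` is a hypothetical stand-in for the ProveID Web API lookup, and the badge IDs, usernames and computer name are constructed sample data. It shows why a job attributed to the computer name never appears at the MFP, and it assumes usernames compare case-insensitively.

```python
import re
from dataclasses import dataclass

HEX_ID = re.compile(r"[0-9A-Fa-f]+")

@dataclass(frozen=True)
class PrintJob:
    job_id: int
    owner: str      # identity the job was tagged with when it was queued
    document: str

def normalize_badge(raw):
    """Validate keyboard-emulated reader input as a hexadecimal badge ID."""
    candidate = raw.strip()  # assumption: keystroke stream may end with Enter
    if not HEX_ID.fullmatch(candidate):
        raise ValueError("badge input is not a hexadecimal ID")
    return candidate.upper()

def jobs_for_badge(raw_badge, resolve_username, queue):
    """Return only the queued jobs owned by the user the badge resolves to."""
    username = resolve_username(normalize_badge(raw_badge))
    if not username:
        return []  # unknown badge: fail closed and show nothing
    wanted = username.casefold()  # assumption: usernames are case-insensitive
    return [job for job in queue if job.owner.casefold() == wanted]

# Constructed sample data (hypothetical badge IDs, users and computer name).
BADGE_DIRECTORY = {"0A1B2C3D": "jdoe", "00FF12AB": "asmith"}
QUEUE = [
    PrintJob(1, "KIOSK-07", "discharge.pdf"),  # attributed to the computer name
    PrintJob(2, "JDoe", "labs.pdf"),           # tagged with the badged-in user
    PrintJob(3, "asmith", "chart.pdf"),
]

if __name__ == "__main__":
    for badge in ("0a1b2c3d\n", "00FF12AB", "DEADBEEF"):
        released = jobs_for_badge(badge, BADGE_DIRECTORY.get, QUEUE)
        print(badge.strip(), [job.job_id for job in released])
```

Job 1 is never returned for any badge, which is the "no jobs appear" symptom the workstation-side tagging is meant to prevent.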
Requirements
Before you configure the Imprivata integration, confirm that your environment meets the following requirements:
- Imprivata Enterprise Access Management (EAM) accessible and deployed in your environment.
- An LDAP Domain connection with Identity Sync is required to pull Active Directory users into the Vasion database before the Imprivata integration can authenticate them.
- An rf IDEAS 800 or 805 USB badge reader is connected to each MFP where badge release is required, and operating in HID keyboard emulation mode.
- The Imprivata instance (on-premises or cloud-hosted) is reachable from the CPA on port 443.
- Access to Vasion Print, and:
  - A Service Client running the Printer Apps service. For more details refer to Service Clients.
  - Secure Release Print installed from the CPA onto the MFP. For more details refer to CPA 2.0.
- This feature requires enabling a setting that allows only Imprivata badge authentication and restricts other forms of CPA authentication.
- This feature enables Identity Sync, which is included in the steps.