Dragon: Gracefully Closing Network Edition

Dragon Network Edition–Nuance’s ubiquitous dictation software–is powerful, to be sure. But, like any powerful tool in IT, it’s full of quirks and secrets, and a few of them can ruin your day if you’re not careful.

Dragon comes with the ability to maintain user profiles on the network, and this has some inherent advantages. For example, a user’s dictionary modifications and personal preferences will follow them from machine to machine. That’s essential for a person who touches multiple computers every day. Unfortunately though, Dragon does not do the best job of handling this workflow natively. By which I mean, if a doctor logs into Dragon on Computer A, fails to log out, and then attempts to log in again on Computer B… some weird stuff can happen. Profiles can become inaccessible, or even corrupted.

Imprivata: Thin Client Preventing New Users from Logging In

Scenario: User A logs into a session on a thin/zero client, then walks away for 10 minutes without disconnecting. Imprivata, configured to secure the idle workstation at that time, attempts to lock the machine. The box returns to the local login screen, but the username and domain are pre-populated, and new users cannot log in over User A before manually signing them out of the local device. In other words, the device is behaving like an Imprivata Type 1 (Single-User) machine. Ostensibly, it looks like Imprivata is preventing new users from logging in.

Imprivata: Being Asked to Enroll Previously Enrolled Badges

First and foremost, I should note that this post will deal specifically with RFIDeas-brand proximity card readers. If you are seeing this problem with any other variety, hopefully I can provide some insight, but I won’t provide a fix. Additionally, this article assumes that you entitle Imprivata users to enroll a single badge at a time, and that you provide them the ability to overwrite their badge enrollment. With all that being said, let’s dig in.

Imprivata: How to Display SSO User in BGinfo on a Kiosk

BGinfo, in case you’re by some chance unfamiliar, is a Microsoft utility for displaying session information on the wallpaper. It is often used on both servers and desktops for the purpose of quickly identifying the current Windows user, the name of the machine, and any other handy information one might want to have at hand. However, in one of Imprivata’s most common use cases, a generic account is used to enter the Windows environment, while a type-2 (kiosk) OneSign agent acts as an authentication gateway for each SSO user who shares that machine.

In this scenario, displaying the currently logged-in Windows user in BGInfo is a bit of a moot point, as it will always be the same for everyone. It doesn’t give any actual indication as to who is presently using the device. The problem is that, by default, there is no environment variable or single point for BGinfo to reference in order to display the current SSO user–that is, the one who just authenticated to Imprivata. Thankfully though, it’s not hard to set this up.

Imprivata: Seamless Credential Proxy for Published Apps

In certain cases, you may notice that an SSO profile for a Citrix-published app works as desired, but not before a user manually gives focus to the window. I have worked at more than one organization where the extra click was a total deal-breaker, and if you find yourself in need of that seamless experience, you’ll be happy to know the fix is no more complex than a couple of registry settings. One needs to be applied to any and all servers being used to publish the apps (to be sure of a consistent experience), and the other to the receiving clients. Appropriately, we are dealing with “Seamless Flags,” and you can find more information about them in articles CTX112499 and CTX101644 on the Citrix support site.

Imprivata: Using Proximity Cards and Zero Clients

I have touched on the subject of troubleshooting zero clients for Imprivata usage before. However, I have been reminded in recent weeks about something I neglected to cover, and which probably deserves its own post anyway. I am referring to a commonly recurring problem that arises when one attempts to mix Imprivata, zero clients, and proximity cards.

Under certain circumstances, attempting to use proximity cards to “tap out” of an active virtual session on a zero client fails. That is, the card reader beeps, but the session remains open. I have also seen other strange behavior, such as a user being able to “tap over” his or her own session–where Imprivata locks the zero client and then logs them back in as themselves. Furthermore, this issue does not seem to be exclusive to View or XenDesktop, and obviously, neither of these scenarios is acceptable. Thankfully, the fix is a simple registry change in your master image.

Imprivata: OneSign Could Not Authenticate You

“OneSign could not authenticate you” is a rather generic error that can be the result of any number of different discrepancies. There are specific workflows that can cause it to appear even when everything is configured appropriately on the back-end, and there are several reasons that a user might encounter it aside from these. Unfortunately, Imprivata does not offer more specific error codes with which you might easily identify the root of the problem. Sifting through logs has a tendency to be as confusing as clarifying, so I thought I’d put together a more concrete guide to troubleshooting this problem.

Imprivata – Citrix Receiver Stays Open at User Switch

Hypothetically, setting up your policies properly is enough to allow for User A to log in to a desktop, get his Citrix virtual desktop, and then lock the machine confident that his session is secure and inaccessible to User B who logs in next. Unfortunately, as of this writing (and version 4.8, hotfix 1), that’s not always the case.

If, unlike the ideal situation above, you find that Citrix Receiver stays open during the switch and User B is able to see User A’s session after the fact (followed shortly by a second Receiver session opening over top of the first), there are a few things to consider. First, take a look at your policy.

Imprivata Password Reset Troubleshooting

One commonly overlooked but absolutely critical piece of an Imprivata implementation is the ability to reset Active Directory passwords, expired or otherwise. It’s one of those things that tends to fade into the background in the midst of other pursuits and resolutions, but if it isn’t accounted for, it can cripple an entire environment. As soon as users’ passwords start expiring, and they are told they need to reset them before they can log in, an incomplete or incorrect configuration on the appliance can result in users getting completely locked out of their desktops, relegating them to downtime procedures or worse.

Imprivata Credential Passthrough with Citrix

When using Imprivata with XenDesktop or VDI-In-A-Box, you may find that connecting to a session results in your arriving at the Windows user login screen instead of a desktop. In order for the Imprivata credential passthrough to work in these environments, you need to install the agent via the command line with the following switch:

INSTALL_ONESIGN_NETPROV=TRUE

This will let Imprivata act as a Network Provider (it will appear in the ProviderOrder settings) and will allow for seamless credential passthrough from a Citrix Receiver or RDP client into an SSO-enabled desktop.