Scout
Enabling Imprivata as Authentication Type
To configure Imprivata as the authentication method, proceed as follows:
- Open Scout Board and navigate to Device Configuration.
- In the User Authentication section, click Edit.
- From the drop-down menu, select Imprivata.
- Click the Edit button below and enter the Bootstrap URL, which is the address of the Imprivata appliance.
- The timeout setting (default: 60 seconds) defines how long the system waits for a password or PIN entry after a proximity card tap. If the entry is not completed within this period, the system automatically returns to the login screen.
- Click Apply/OK to confirm the changes.
Deploying Imprivata Appliance Certificates
A certificate in Base64 X.509 format (.crt) must be installed on eLux devices to enable communication with the Imprivata appliance.
- By default, each Imprivata appliance is shipped with a self-signed certificate generated by the appliance’s built-in root CA.
- This certificate is sufficient for initial testing or smaller deployments.
- However, self-signed certificates must still be signed by a root-CA, and the corresponding root-CA certificate must also be available on the client.
Many organizations prefer to replace the default certificate with one signed by a trusted authority. This can be:
- An internal enterprise CA (e.g., Microsoft Active Directory Domain Enterprise Root CA), or
- A publicly trusted CA such as DigiCert.
In such cases, the complete certificate chain (root CA, intermediate/subordinate CA, and the appliance certificate) must be exported in Base64 X.509 format and deployed to all eLux devices via Scout.
Option 1: Using the Imprivata Self-Signed Root Certificate
- Log in to the Imprivata Appliance Console and open the Security tab.
- If the following message is displayed: “The SSL certificate for this appliance has been self-signed by the certification authority (CA) on this appliance. Download the certificate of this CA.”*
- Click Download the certificate.
- The file will be saved as a .crt file.
This root certificate must then be deployed to your eLux devices via Scout to establish a trusted connection between clients and the appliance.
👉 For guidance on how to deploy certificates via Scout, please refer to Certificates.
Option 2: Using a Trusted Third-Party or Enterprise CA
If the Imprivata appliance has been configured with a certificate signed by a corporate or public CA, the root and intermediate certificates cannot be downloaded from the appliance directly.
In this scenario:
- Use a supported browser (e.g., Microsoft Edge or Google Chrome) to access the Imprivata Appliance Console.
- Export the complete certificate chain (root CA, intermediates, and appliance certificate).
- Ensure the chain is saved in Base64-encoded X.509 format (.crt).
- Deploy the certificate chain to your eLux devices via Scout.