Scout

Enabling Imprivata as Authentication Type

To configure Imprivata as the authentication method, proceed as follows:

1. Open Scout Board and navigate to Device Configuration.
2. In the User Authentication section, click Edit.
3. From the drop-down menu, select Imprivata.
4. Click the Edit button below and enter the Bootstrap URL, which is the address of the Imprivata appliance.
5. The timeout setting (default: 60 seconds) defines how long the system waits for a password or PIN entry after a proximity card tap. If the entry is not completed within this period, the system automatically returns to the login screen.
6. Click Apply/OK to confirm the changes.

Deploying Imprivata Appliance Certificates

A certificate in Base64 X.509 format (.crt) must be installed on eLux devices to enable communication with the Imprivata appliance.

• By default, each Imprivata appliance is shipped with a self-signed certificate generated by the appliance’s built-in root CA.
• This certificate is sufficient for initial testing or smaller deployments.
• However, self-signed certificates must still be signed by a root-CA, and the corresponding root-CA certificate must also be available on the client.

Many organizations prefer to replace the default certificate with one signed by a trusted authority. This can be:

• An internal enterprise CA (e.g., Microsoft Active Directory Domain Enterprise Root CA), or
• A publicly trusted CA such as DigiCert.

In such cases, the complete certificate chain (root CA, intermediate/subordinate CA, and the appliance certificate) must be exported in Base64 X.509 format and deployed to all eLux devices via Scout.

Option 1: Using the Imprivata Self-Signed Root Certificate

1. Log in to the Imprivata Appliance Console and open the Security tab.
2. If the following message is displayed: “The SSL certificate for this appliance has been self-signed by the certification authority (CA) on this appliance. Download the certificate of this CA.”*
3. Click Download the certificate.
4. The file will be saved as a .crt file.

This root certificate must then be deployed to your eLux devices via Scout to establish a trusted connection between clients and the appliance.

👉 For guidance on how to deploy certificates via Scout, please refer to Certificates.

Option 2: Using a Trusted Third-Party or Enterprise CA

If the Imprivata appliance has been configured with a certificate signed by a corporate or public CA, the root and intermediate certificates cannot be downloaded from the appliance directly.

In this scenario:

1. Use a supported browser (e.g., Microsoft Edge or Google Chrome) to access the Imprivata Appliance Console.
2. Export the complete certificate chain (root CA, intermediates, and appliance certificate).
3. Ensure the chain is saved in Base64-encoded X.509 format (.crt).
4. Deploy the certificate chain to your eLux devices via Scout.