Setting the Mail Server and Standard Messages
Email server settings and standard message templates can be configured on the Settings page: In the Imprivata Admin Console, go to the gear icon > Settings.
The Imprivata appliance can send email messages for a variety of reasons:
- Notify Administrators of system events
- Notify Imprivata Enterprise Access Management (formerly Imprivata Confirm ID) providers to complete Individual identity proofing
- Notify users to confirm enrollment of each authentication method enrolled
- Notify providers when they have successfully completed identity proofing
- Notify administrators when an Individual provider enrolls their first token
- Notify users to self-install the Imprivata agent
- Notify users to enroll in the password self-service reset feature
Configuring the Imprivata Mail Server Account
An SMTP server must be specified to send email notifications to administrators and end users.
You can configure a connection to an SMTP server using basic (password) authentication.
Microsoft has announced the deprecation of basic authentication in Exchange Online. While you can configure a connection using basic authentication, it is recommended that you configure the connection to your mail server over OAuth.
To configure the connection:
- In the Imprivata Admin Console, open the gear icon menu, and click Settings.
- In the Email configuration section, click Modify.
- Type the IP address or FQDN of the mail server in the SMTP Server field.
- (Optional) By default, the Imprivata appliance secures outgoing email using TLS. Uncheck Use TLS to disable this functionality. If you choose to leave TLS enabled, consider the following:
  - Imprivata supports TLS versions up to 1.2, but does not enforce any specific version. How your environment is configured determines the required version.
  - Your SMTP server must support TLS, and additional configuration may be required. For more information, see your vendor-specific documentation.
- If required, type the credentials of an account that is authorized to send email through your server/mail relay in the SMTP Server Account Username and SMTP Server Account Password fields.
- Type the sender address in the Email messages are from field.
- Click OK.
NOTE: The Test button only confirms that the connection can be made to the SMTP server. To test that an email can be sent and received, open the Users page. Select a user, click Notify, and select the type of notification to send as a test.
When you set up the SMTP server:
- Providers are informed when they have been successfully identity proofed by DigiCert.
- The Imprivata Enterprise Access Management administrator receives email notifications when users have enrolled authentication methods for Remote Access.
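Before saving these settings, you can check from a workstation what the relay actually offers. The script below is an added example, not Imprivata code: it uses Python's smtplib to read the relay's EHLO features before and after STARTTLS, with TLS capped at 1.2 (the ceiling stated above). Port 587, the function names and the finding codes are assumptions of this example; XOAUTH2 is the SASL mechanism Exchange Online uses for OAuth over SMTP AUTH and matters only for the OAuth option.

```python
import smtplib
import ssl


def probe(host, port=587, timeout=10):
    """Return (features_before_tls, features_after_tls, tls_state) for a relay.
    Port 587 is an assumption; use the port your relay listens on."""
    ctx = ssl.create_default_context()            # this probe verifies the certificate
    ctx.maximum_version = ssl.TLSVersion.TLSv1_2  # TLS ceiling stated on this page
    with smtplib.SMTP(host, port, timeout=timeout) as s:
        s.ehlo()
        before = dict(s.esmtp_features)
        if "starttls" not in before:
            return before, {}, "not_offered"
        try:
            s.starttls(context=ctx)
        except ssl.SSLCertVerificationError:
            return before, {}, "cert_error"
        except ssl.SSLError:
            return before, {}, "handshake_failed"
        s.ehlo()                                  # features can change once TLS is up
        return before, dict(s.esmtp_features), s.sock.version()


def _mechs(features):
    # smtplib stores the AUTH line as a space-separated string under "auth"
    return set(features.get("auth", "").upper().split())


def evaluate(before, after, tls_state):
    """Map probe results to finding codes (codes are this example's own)."""
    findings = []
    if tls_state == "not_offered":
        findings.append("NO_STARTTLS")            # Use TLS cannot succeed here
    elif tls_state in ("cert_error", "handshake_failed"):
        findings.append("TLS_" + tls_state.upper())
    if _mechs(before):
        # relay accepts AUTH before TLS: a password could cross the wire unencrypted
        findings.append("AUTH_OFFERED_IN_CLEARTEXT")
    if after and "XOAUTH2" not in _mechs(after):
        findings.append("NO_XOAUTH2")             # relevant only to the OAuth option
    return findings


# Constructed samples in smtplib's esmtp_features shape (not from a real server)
GOOD = ({"starttls": "", "size": "36700160"},
        {"auth": " LOGIN XOAUTH2", "size": "36700160"}, "TLSv1.2")
WEAK = ({"auth": " LOGIN PLAIN", "size": "10240000"}, {}, "not_offered")
```

To run it against a real relay, call `evaluate(*probe("mail.example.org"))` with your own host name; an empty list means none of the conditions above were found.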
You can configure a connection to an SMTP server over OAuth.
Prerequisites
Before you begin, make sure the following prerequisites are met:
- Exchange Online is enabled for SMTP AUTH.
- You have a user account that can be used to send email. This account must be able to send email from the mailbox you specify.
- You have registered an Entra ID application that lets Imprivata connect to Exchange Online over SMTP. Configuring the connection requires that you have its:
  - Client ID
  - Tenant ID
  - Client secret
- You have registered the application's service principal in Exchange Online and granted the mailbox Send As permission.
Configure the Connection
To configure the connection:
- In the Imprivata Admin Console, open the gear icon menu, and click Settings.
- In the Email configuration section, click Modify.
- Select Exchange Mail Server with OAuth2.
- Enter the following required information:
  - From Address: Enter the mailbox from which email notifications should be sent.
  - Client ID: Enter the registered application's client ID.
  - Tenant ID: Enter the registered application's tenant ID.
  - Username: Enter the user account that can send email from the mailbox you specified.
  - Secret: Enter the registered application's client secret.
- Click Save.
When you set up the SMTP server:
- Providers are informed when they have been successfully identity proofed by DigiCert.
- The Imprivata Enterprise Access Management administrator receives email notifications when users have enrolled authentication methods for Remote Access.
Configuring User Messages
The following templates are available for sending messages to users. You can modify the templates as needed.
- Enroll Notification — An email is sent to a user each time they enroll an authentication method using the Imprivata enrollment utility, and when they enroll during the remote access login process. By default, the notification is enabled. To turn it off, click Modify next to the template name, and then deselect Notify the user when an authentication method is enrolled.
- Confirm ID Individual Identity Proofing Reminder — An email is sent to an Enterprise Access Management provider to remind them to perform identity proofing to use Enterprise Access Management for MFA for signing EPCS orders. By default, the notification is disabled. You can schedule a single email reminder or weekly email reminders. Applies only to Individual identity proofing.
- Installing the Imprivata Agent — Imprivata uses a standard message to notify new users that their Imprivata accounts are created. Click View/Edit to customize the text of the message.
- Enrolling Security Questions — If you have the Self-Service Password Reset licensed feature, then Imprivata uses a standard message to notify users when they can enroll their identity verification questions for password self-service. When you assign users a user policy that allows self-service password reset, notify the affected users with the security questions enrollment message. Click View/Edit to customize the text of the message.
Configuring Administrator Messages
The Confirm ID first-time enroll notification email can be used to notify specified recipients when providers enroll their first authentication method for e-prescribing controlled substances after completing identity proofing. This notification is intended for individuals who need to know when a provider is ready for e-prescribing controlled substances. For example, this feature can be used to notify administrators who are responsible for enabling providers for EPCS in the EMR.
By default, the notification is turned off. To turn it on, click Modify next to the template name, and then select Notify when a user's first EPCS-compliant authentication method is enrolled. In the To field, enter the email addresses of the recipients to which to send the notification email.