Set Up Supervisor for Supervised Enrollment
Enrollment supervisors witness and attest to a provider's enrollment of authentication methods that require heightened verification. No special technical skills are required to act as an enrollment supervisor beyond using the enrollment utility as described in Supervised Enrollment.
An EAM administrator must configure users for this role.
Adding Supervisors
Supervisors are configured on the Enrollment supervisors page (Imprivata Admin Console > Users > Enrollment Supervisors).
To add a user to the supervisors list, click Add enrollment supervisors, then search for the user you want to add.
Select the user's name from the drop-down list. A message appears at the top of the page confirming that the user was successfully added to the supervisors list.
NOTE: Do not assign enrollment supervisors to a user policy that is associated with an Enterprise Access Management MFA (Confirm ID) workflow.
Authentication Methods for Witnessing
Supervisors must authenticate when witnessing and attesting to provider enrollments.
- All authentication methods are allowed.
- By default, supervisors use Password or Fingerprint as a single factor.
- Administrators can configure one-factor or two-factor authentication.
To configure authentication methods:
1. Open the Enrollment supervisors page (Users > Enrollment supervisors).
2. Click the authentication method you want to modify, or click Add another method.
3. Select the authentication method to use as the first authentication factor.
4. Optional — Select the authentication method to use as the second authentication factor.
5. Click Done.
6. Repeat steps 2-5 for all authentication methods you want to enable for enrollment supervisors.
For example, a supervisor may be required to use Fingerprint + Password or Fingerprint + Imprivata PIN when witnessing enrollment.
If you want to delete an authentication method, click the authentication method and then click Remove this authentication method. You can add the authentication method back later by clicking Add another method.
Enrollment Settings
Supervised enrollment is available to all users with an Enterprise Access Management or Authentication Management license.
The following authentication methods can be configured to always require supervision:
- Imprivata ID
- Fingerprint
- OTP token
- Secure proximity card (DESFire)
- Security Key (FIDO)
- Facial biometric
Other modalities, such as standard proximity card or Imprivata PIN, can be enrolled during supervised enrollment, but they do not require witnessing.
After the provider has enrolled an authentication method in the presence of an enrollment supervisor, you can allow self-enrollment of subsequent authentication methods:
1. Go to the Enrollment supervisors page (Users > Enrollment supervisors).
2. Deselect the methods you don’t want to require supervision for.
If the Require eIDAS Substantial policy option is enabled, supervision is mandatory for these methods:
- Secure proximity card (DESFire)
- Imprivata ID
- Security Keys (FIDO)
Supervision of these methods cannot be disabled while the eIDAS Substantial requirement is active.