Digital identity with Imprivata and Microsoft: Q&A with Wes Wright and Randy Nale

Recently, we announced the next phase of our digital identity collaboration with Microsoft: Imprivata Identity Governance hosted in Microsoft Azure, and Imprivata OneSign Single Sign-on (SSO) integrated with the Microsoft identity service (Azure Active Directory) to provide seamless access to all applications including Microsoft Teams on Microsoft Surface devices.


Today we’ve asked our CTO, Wes Wright, and Microsoft Technical Solution Manager, Randy Nale, to discuss what this next phase of the collaboration means to them, and what other collaborations we might see in the near future.

Q: What does “digital identity” mean to you?

Randy: In the context of digital identities in healthcare, digital identity is how we represent the people (nurse, doctor, patient, parent, etc.), physical entities (room, IV pump, thermometer, etc.), and virtual entities (app, system, etc.) in a digitally enabled healthcare ecosystem. All of these people and things contribute to care and wellbeing in a digitally enabled healthcare system. Because it’s healthcare, the actions, data, and other contributions by these entities can have serious positive or negative consequences, up to and including life or death. As such, getting that identity right (making sure “it is who it says it is and it is allowed to do what it is trying to do”) becomes one of the most important components of technology infrastructure for any hospital system or any other healthcare organization. They must get it right: to protect data privacy, to ensure no malicious or simply inappropriate actors are contributing data or taking action, and to keep accountability in a world where more and more care is being delivered virtually.

Wes: Digital ID is THE critical piece in your IT infrastructure that controls who has access to what applications, from where, using what devices. We think of it at Imprivata as the “new control plane.” It’s through Digital Identity that we can say that a clinical provider is who they are and that they have been authorized to access the applications and data they need to do their job, and no more than that—a critical HIPAA mandate.

Q: What do you think the most exciting product integration in the partnership is, right now?

Randy: I think the Imprivata IDG + AzureAD partnership is super exciting. Most healthcare organizations really struggle to get broad identity lifecycle management, identity governance, role management, and similar widely deployed. This often leads to users having accounts and credentials in different systems that are overprovisioned or no longer necessary, or just a burden of manual management by both IT and the end user. IDG has a great track record of helping customers to get going FAST with basic governance and lifecycle management or core systems (HR, and then pretty easy ongoing expansion to more and more apps and systems). Now that IDG runs natively on Azure, that speed-to-value can be increased even more. With the integration Imprivata has with Active Directory (and by extension to Azure AD… with more Azure AD specific enhancements being planned), cloud apps can be integrated with minimal additional effort. Healthcare systems can literally extend their governance into a catalog of thousands of SaaS apps through that integration.

Wes: The most exciting product in the Imprivata/Microsoft partnership, for me, is the first one we did. That is Healthcare Seamless SSO. With this integration, those shared clinical workstations can be made to act like a clinician’s personal PC. So that when she/he clicks on an application, Imprivata OneSign and Microsoft know who that individual is and can seamlessly sign them into both their on premises and cloud applications.

Q: What product/integration are you looking forward to the most?

Randy: Due simply to customer demand, I think the integration of Imprivata’s multifactor solution for EPCS into Microsoft’s conditional access is the one I am looking forward to the most. Imprivata’s solution is MADE for clinical use cases (even beyond EPCS), so many doctors, nurses, and others will have that MFA solution already. At the same time, information security groups are driving stronger authentication for non-clinical use cases. The last thing anyone wants is TWO different MFA solutions (e.g. Imprivata for clinical MFA and Microsoft for conditional access). It only makes sense to provide our customers the ability to leverage their clinical MFA solution (which they MUST have) with our conditional access controls.

Wes: I’m really looking forward to the integration of the Imprivata Confirm ID token into the MSFT Conditional Access portal. This will allow healthcare delivery organizations (HDOs) to move to a “one token to rule them all” model. Meaning they’ll be able to use the Imprivata token for remote access, electronic prescription of controlled substances, and for any multifactor authentication call from Microsoft 365 or Azure. This integration makes technology more seamless for the clinicians in the HDOs, which is a shared goal of both Imprivata and Microsoft.

Q: How do you think Imprivata Identity Governance enhances your IAM offering/MSFT enhances your IAM offering?

Randy: I think I sort of spoiled this one above. The short answer is that with Azure Active Directory (and existing on-premises Active Directory), Microsoft has THE most comprehensive identity solutions available today. Even with that breadth, we cannot solve for all of the identity needs of the healthcare industry. Furthermore, we will never reach and cover all of those use cases and systems. Imprivata specializes in healthcare. They are much better positioned for those deep clinical and other healthcare workflow integrations. My mental model is that Imprivata extends and enriches the already vast Microsoft identity ecosystem, specifically for healthcare.

Wes: The IGA partnership between Imprivata and Microsoft almost made my favorite integration. Essentially, this integration brings the strengths of both companies to the forefront. We live in an increasingly hybrid IT environment with many applications that still reside on premises and are not Active Directory aware. Imprivata can automate the provisioning and audit/compliance of those applications while MSFT helps with the provisioning of cloud/standards-based applications. Microsoft has an incredible identity management portfolio that can be used across many different types of businesses. It’s the partnership with Imprivata that turns that “horizontal” offering into the best healthcare “vertical” identity management platforms available to HDOs today.