Hyland Connect

Ryan - 

I'll have to clarify with our security team that supports the Imprivata solution to  accurately answer your question on whether the user is getting their own Windows profile.  I can only share what my experience was during testing and the workstation was technically logged in as a multi-user type ID.  For example, the login ID on the workstation is "IMPMULTID01".  No matter who taps their badge to use the workstation, it is still logged into as "IMPMULTID01". 

When a different user taps in with their badge, obviously the workstation knows this is someone different than who was on it.  So I don't know if there is some Windows Profiles being used by user or not.

Unity Client is not being used quite yet in our healthcare settings, they are still using the OnBase Thick Client right now.  But we are looking to plan accordingly for when they do.  So in short, anyone using the Imprivata solution right now is only using the OnBase Thick Client.

When users are logging into OnBase (Thick or Unity), they are using manual Windows/domain credentials login.

I'll still ask for clarification about the Windows Profile to our security team.  

- Security team responded and the user does not get their own Windows Profile.

Alright. So after reading your initial post (before your security team responded), I assumed they were all using the same Windows profile.

So with that being said, I think you are in a little bit of a pickle. I say this because since they are all using the exact same Windows profile, it really becomes difficult to not have to force close the Thick Client. While I know this isn't ideal, there really isn't a clean way to close out of the client without causing locks of some sort.

The best suggestion I can give you is to make it so that you will have to just do your best to educate your end users that they will need to close out of viewing of a document or anything else that you are encountering that the locks are persisting.

Now, this last thought is more so a pure theoretical and that is you could potentially leverage an RPA solution here. For example, user logs in, they do all of their stuff. Now, in order to log out they will have to double-click a "log-off" shortcut that can kick off an RPA bot that will check if the Thick Client is running. If so, then will will maximize it, click file, then click exit which should gracefully release any locks or anything that the user had out there still. The only downside to this is I don't know how many workstations this Imprivata solution is being implemented on, so I am not sure how many potential RPA bots you might have to use, if you even have an RPA solution today.

Again, just some thoughts, but as far as I can tell I don't see any other way to solve this other than to educate your end users to the Nth degree.

We are using Imprivata with Unity and automatic Windows/domain credentials login. Type 2 Imprivata did not work in our workflow for the same reasons you are describing. Imprivata Type 1 login is more suited for our situation as the end user is at that workstation for hours at a time, not hoping between computers for short sessions.