To use Kerberos authentication with Imprivata you to create KeyTab file which needs to be uploaded to the Imprivata appliance. Creating a keytab file can be time consuming if it is your time. There are tutorials from Microsoft like this one here. These are long and not written for Imprivata. This tutorial is s only for Imprivata.
To create a KeyTab file for Imprivata we need the following before we can start
- Working Active Directory
- Domain Admin account
- Working Imprivata Appliance
- Windows Client with Imprivata One Sign Agent installed
- Imprivata Admin account
Logon to a Windows Client which has an Imprivata client installed. Use your Domain admin credentials. Start a command prompt via ISXRunAs.exe
"c:\Program Files (x86)\Imprivata\OneSign Agent\ISXRunAs.exe" cmd.exe
Goto the OneSign folder and start ISXKerbUtil.exe
Enter the credentials of your Imprivata appliance.
In some scenarios this does not work.
There is a fix for this.
Logon to your Domain Controller and create a drive mapping to your Windows Client with the Imprivata agent. Start a command prompt and goto the OneSign Agent folder and start ISXkerbUtil.exe.
Enter the Imprivata appliance IP
Enter Imprivata account in UPN style.
Use a new password for the keytab file.
Succesfull created a keytab file.