23 September 2019

How to create a keytab file for Imprivata with Kerberos authenticating.


To use Kerberos authentication with Imprivata you to create KeyTab file which needs to be uploaded to the Imprivata appliance.  Creating a keytab file can be time consuming if it is your time. There are tutorials from Microsoft like this one here. These are long and not written for Imprivata. This tutorial is s only for Imprivata.

To create a KeyTab file for Imprivata we need the following before we can start

- Working Active Directory
- Domain Admin account
- Working Imprivata Appliance
- Windows Client with Imprivata One Sign Agent installed
- Imprivata Admin account

Logon to a Windows Client which has an Imprivata client installed. Use your Domain admin credentials. Start a command prompt via ISXRunAs.exe

"c:\Program Files (x86)\Imprivata\OneSign Agent\ISXRunAs.exe" cmd.exe

Goto the OneSign folder and start  ISXKerbUtil.exe


Enter the credentials of your Imprivata appliance.


In some scenarios this does not work.



There is a fix for this.

Logon to your Domain Controller and create a drive mapping to your Windows Client with the Imprivata agent. Start a command prompt and goto the OneSign Agent folder and start ISXkerbUtil.exe.


Enter the Imprivata appliance IP



Enter Imprivata account in UPN style.
Use a new password for the keytab file.




Succesfull created a keytab file.









How to upgrade an Imprivata G3 appliance to a G4 appliance?

1. What do you need? 2 running Imprivata Appliances  Imprivata appliance version 7.8 or higher (check Imprivata documentation for details) G...