Reference Guide
Parameter Description
OneSignServer=onesign_server
[DisableBeep={yes,no}]
[KioskMode=yes,no}]
[TapToLock={0,1,2}]
[EnableWindowAuthentication={yes,no}]
[AutoAccess={VMW,XD,XA,LOCAL,RDSHD,
RDSHA, RDSHPC}]
[NetBIOSDomainName={yes,no}]
[SuspendAction={0, 1}]
[DisableHotKey={yes,no}]
Loglevel=0/1/2/3
[DisablePromptToEnroll={yes,no}]
[SecurityMode={default, full, warning, low}]
A list of host names or IP addresses with optional TCP port number or URLs of
Imprivata OneSign servers. It should use https protocol. If OneSignServer="" is
defined, then only imprivata virtual channel can work.If DisableBeep is set to yes,
then Rfideas reader can be set to mute when a card is tapped. Default is no.
If KioskMode is set to yes, then different OneSign user can unlock the client
desktop. Default is no. Optional keyword TaptoLock is only active when
KioskMode=yes.
• If TapToLock=0, then tap a card to lock terminal is disabled.
• If TapToLock=1(Tap to lock), then use the proximity card to lock the terminal.
• If TapToLock=2(Tap over), then lock the terminal and log in as a different user.
Default is 2.
If EnableWindowAuthentication is set to yes and OneSign signon fails, then continue
to sign-on with windows credential to pre-define broker. Default is yes.
If AutoAccess is defined, then auto launch the corresponding type of
broker. Otherwise, get the broker type from the Imprivata Server setting of
computer and user policy. If none of them is defined, then launch the first available
broker server from the Imprivata server.
If AutoAccess=LOCAL is set, then launch the broker from the ThinClient setting; the
broker getting from the Imprivata Server is ignored.
NOTE: AutoAccess can be set in [username].ini and wnos.ini. The
wnos.ini has priority over [username].ini.
If NetBIOSDomainName is set to yes, then Imprivata domain list will show NetBIOS
domain name and card user will authenticate to the broker server using NetBIOS
domain name. Default is no.
If SuspendAction is set to 0, then lock the terminal when you tap the card or press
the hotkey. If set to 1, then signoff the terminal. If ‘no’ is defined, then lock the
terminal in KioskMode and sign-off the terminal in none KioskMode.
If DisableHotKey is set to yes, then no action when you press the hotkey defined in
Imprivata Server. Only WebAPI 4 and later versions support the hotkey function.
Loglevel—While configuring the Imprivata server, user can view the OneSign logs
on ThinOS by enabling the Agent Logging feature. An ini configuration is needed
correspondingly. Default value is 0. If set to 0, logs are not displayed.
If DisablePromptToEnroll is set to yes, then ThinOS does not prompt you to enroll
their security answers after OneSign sign-on. Default value is yes.
SecurityMode specifies the SSL certification validation policy. If set to default, it
applies SecurityPolicy setting. If set to full, the SSL connection needs to verify
server certificate. If it is untrusted, drop the connection. If set to warning, the SSL
connection needs to verify server certificate. If it is untrusted, it is up to you to
continue or drop the connection. If set to low, the server certificate is not checked.
The value is persistent, and the default value of the setting is default.
From ThinOS version 8.3_109, ThinOS supports OneSign 5.2 RDSH broker.
Set AutoAccess=RDSHD or RDSHA to automatically launch Microsoft type broker.
Set RDSHPC to automatically launch RDP session without broker.
30
Parameters for wnos INI files only