HYPR Passwordless and the HYPR Mobile App

Do This First:

The user must already have installed the HYPR Mobile App on their mobile device.

API Calls

Pairing (registration) the HYPR Mobile App with an RP Application uses out-of-band notifications, which is described under RP Applications > Application Properties > Device > OOB via the HYPR Passwordless API.

Unpairing (deregistration) the HYPR Mobile App from an RP Application is performed using calls in the RP Applications > Workstation section of the HYPR Passwordless API.

HYPR Passwordless client registration calls for devices using the HYPR Mobile App, including Asynchronous Registration and QR code generation calls, can be found here in the HYPR Passwordless API.

Single registration calls from the HYPR Mobile App to both workstation and web accounts can be found RP Applications > Application Properties > Device > Single Registration . Certificate handling for Single Registration is administered with RP Applications > Workstation > Certificates.

This article also covers authentication with and removal of a pairing.

Pairing a Mobile Device Using the Camera

1. Open the HYPR Mobile App on the mobile device. The app may ask for permission to send notifications. Enabling these is optional.

2. Start the HYPR Passwordless client on the workstation if it isn’t running already.

   

3. Click Start Pairing in the HYPR Passwordless client. If you already have a device paired, click Pair New Device. You are presented with the option to pair a Smartphone or a Security Key.

   

4. Select Smartphone and a QR code will appear in the dialog.

   
   
   
   Just a Minute:

   The QR code expires after one minute (or three minutes if the Require User Presence for Registration feature is enabled), and an error message appears in the HYPR Passwordless client. If this happens, click Try Again.

5. In the HYPR Mobile App, tap SCAN QR. If the HYPR Mobile App has already been used to pair this device before, the SCAN QR button may not appear; instead, tap the QR code icon above Add Account or Computer or in the upper right.

   
   
   
   Camera Ready?

   The HYPR Mobile App may request permission to use the device’s camera. It’s important to grant this access; otherwise, scanning the QR code won’t be possible.

   If you are unable to use your device's camera with your HYPR Mobile App, follow the instructions for using QR Fallback from the HYPR Passwordless Client.

6. Orient the mobile device's camera to the QR code on the workstation screen.

7. Select the authentication method to be used (face recognition, fingerprint recognition, PIN, etc.) whenever they unlock their workstation with this device. Authentication options vary according to the operating system and version of the device.

   • If users choose the PIN option, they’ll be asked to create a unique PIN for use with HYPR to unlock the workstation.

   • If they choose a biometric method, it must be set up already on the mobile device; on Android devices, select the Native option for biometric identification.

   • Depending upon the policy, you may see other methods of authentication. In this example, Face ID is enabled:

     

8. When prompted, use the chosen authentication method to finish pairing the device.

9. (Windows only) If the Require User Presence feature is enabled in Control Center, authenticate using to the available methods on the workstation (PIN, security key, smart card, etc.), then click OK.

   

   For more information on this feature, see Device Registration and the Require User Presence Feature.

   

10. Click Finish.

11. (Optional but recommended) Test the process is working correctly. Please see Testing the New Device.

    

Testing the New Device

It’s highly recommended that users test they can unlock their workstation right after registering a new device. See Unlocking/Locking to test out remote lock and unlock with your new pairing.

1. Lock the workstation, for example by pressing Windows+L.

2. Open the HYPR Mobile App on the mobile device. Tap the workstation icon on the mobile device and follow the instructions on the screen.

   

Make It Your Own

The name showing for the workstation is the machine name/user combination determined by the HYPR Passwordless client installer. Users can change the display name through the HYPR Mobile App by pressing and holding the workstation name, tapping Computer Details, and entering a new name in the Rename Computer field.

Authentication Methods

The authentication methods users can choose when they register a new device vary according to the operating system and the version of the device. The default options are biometric and PIN. On Android devices, the biometric choices display as Native. For both iOS and Android, users must have set up biometric recognition already to be able to use it with the HYPR Mobile App.

If users choose the PIN option, they’ll be prompted to create a six-digit PIN specifically for use with the HYPR Mobile App.

Choosing a Different Authentication Method for a Mobile Device

Users are only prompted to choose an authentication method the first time they register their device. If they want to switch to a different method later, they’ll need to reinstall the HYPR Mobile App and re-register the device.

Device Registration and the Require User Presence Feature

The Require User Presence feature (available for Windows only) is an extra security measure for device registration. When it’s enabled, users complete workstation authentication as one of the steps in registering a new device. In this case, the one-minute timeout for the QR code is extended to three minutes.

Administrators can enable the Require User Presence feature through the Control Center. See Control Center Standard Mode Workstation Settings.

Troubleshooting Device Registration

Occasionally, users run into problems when registering a device. The most common issues occur in these areas:

• Connectivity between the HYPR Passwordless client and the server

• Connectivity between the HYPR Passwordless client and the mobile device

• Problems scanning the QR code successfully, often because the user is unfamiliar with this activity

• Enterprise Passkey + HYPR Mobile App for iOS: Due to the way iOS reports background / foreground status of the applications, on certain conditions the full functionality might not be ready in the HYPR Mobile App for iOS right after resuming it from the background app list. This might be result in authentication prompts not being displayed. To solve this problem, close and reopen the HYPR Mobile App.

For information on how to resolve these issues, including explanations of error codes, please see HYPR Passwordless Scenarios on the HYPR Support website.

Unpairing a Mobile Device

Users can unpair a mobile device through the HYPR Passwordless client or through the HYPR Mobile App.

Contingency Plan

Before unpairing a device, users should make sure they have another way to log into the workstation, typically by entering their password.

To unpair a device through the HYPR Passwordless client, click Deregister Device (the trash icon) below the name of the device.

API CALL: Workstation de-registers a paired HYPR Mobile App.

'POST /rp/wsapi/client/device/deregister'

To unpair a device through the HYPR Mobile App, long press the workstation name, tap Computer Details, and tap the trash icon.

API CALL: Device submits workstation(s) for deregistration.

'POST /rp/deviceapi/device/ws/deregister'

Related Articles

Using Standard Security Keys

Unlocking/Locking