HYPR Passwordless

Do This First

This article assumes you have already completed the HYPR SDK Quick Start before continuing.

HYPR Passwordless provides the means to login to or unlock a paired machine.

SDK for Android

SDK Interface

HYPR Passwordless uses the HyprApiActionAdapter and HyprDbAdapter SDK interfaces.

HYPR Code Objects

The following HYPR code objects are used in HYPR Passwordless mode:

• HyprAppProfileData - Profile corresponding to a HYPR RP Application

• HyprMachineProfileData - Profile corresponding to a machine (most likely a workstation or computer)

• HyprMachineState - State of a machine

• HyprOfflineData - Object containing the Offline State variables of a machine

DB IDs

Most HYPR code objects have a DB ID to uniquely identify it. The SDK interfaces often require a DB ID to indicate which object is being operated on at the time. HYPR Passwordless mode uses the following DB IDs:

• App Profile DB ID
• Machine Profile DB ID

HYPR Passwordless

This implementation involves using HYPR SDK for Android to authenticate into a workstation. This is a full HYPR implementation for direct communication with a HYPR RP Server / HYPR FIDO Server.

Interface	HyprInit HyprApiActionAdapter HyprDbAdapter
Related Components	UIAdapter User Agent FIDO Client ASMs Authenticators
Functionality	OOB Registration Website Authentication FIDO Operations

Learn More

To learn more about OOB Consumer Access and how to integrate it into your app, go to the Web Authentication page.

Database Setup

During the Quick Start you created a CustomHyprDbAdapter which extends the HyprDbAdapter class. HYPR Passwordless mode requires the following modifications to that custom class setup:

• Set the HyprRpAppType to WorkstationOnly

• Set your RP URL (BaseDomainUrl)

• Set your RP Application ID (RpAppId)

// HYPR Passwordless Additions
appProfile.setHyprRpAppType(context, HyprRpAppType.WorkstationOnly);
appProfile.setBaseDomainUrl(context, "https://your-company-hypr-rp-address.com");
appProfile.setRpAppId(context, "your RP Application Id");

The complete class with those additions is shown here.

public class CustomHyprDbAdapter extends HyprDbAdapter {
    /**
     * Called after a new App Profile is created.
     * Put any DB customizations here for the new App Profile.
     *
     * @param context    current context
     * @param appProfile appProfile object that was just created
     */
    @Override
    public void onNewAppProfileCreated(@NonNull final Context context,
                                       @NonNull HyprAppProfileData appProfile) {
        // Workstation Access Additions
        appProfile.setHyprRpAppType(context, HyprRpAppType.WorkstationOnly);
        appProfile.setBaseDomainUrl(context, "https://your-company-hypr-rp-address.com");
        appProfile.setRpAppId(context, "your RP Application Id");

    }
}

Pair a Machine

Before a machine can be unlocked, it must be paired with a smart phone using one of the following methods:

• Scan a QR code

• Use an out-of-base PIN entry

• Use a direct out-of-base PIN

Initiate Pairing Options

Three methods exist for launching an Activity to initiate pairing via the HyprApiActionAdapter:

• QR Code: HyprApiActionAdapter.addMachineToAppProfileWithQrScanner()

• PIN Entry: HyprApiActionAdapter.addMachineToAppProfileWithPinEntry()

• PIN Direct: HyprApiActionAdapter.addMachineToAppProfileWithPinDirect()

The results are returned in onActivityResults with the resultCode of HYPR_OOB_DEVICE_SETUP_ACT_REQ_CODE.

1. Using the example below, verify the HYPR Initialization is complete. If only using one App Profile, get the current Application Profile and the App Profile DB ID. See App Profiles for more details.

2. Pass that App Profile DB ID into the addMachineToAppProfileWith method to start a HYPR SDK Activity which will perform the pairing.

3. Results are returned in the onActivityResult method described in the HYPR Passwordless Activity Results section below. The result code is HYPR_OOB_DEVICE_SETUP_ACT_REQ_CODE.

void addMachineWithQrScanner(Activity activity) {
    if (App.isHyprInitComplete()) {
        try {
            HyprAppProfileData hyprAppProfileData = App.getHyprDbAdapter().getCurHyprAppProfileData(activity);
            HyprApiActionAdapter.addMachineToAppProfileWithQrScanner(activity, hyprAppProfileData.getDbId());
        } catch (HyprException exception) {
            exception.printStackTrace();
        }
    }
}

void addMachineWithHyprPinScreen(Activity activity) {
    if (App.isHyprInitComplete()) {
        try {
            HyprAppProfileData hyprAppProfileData = App.getHyprDbAdapter().getCurHyprAppProfileData(activity);
            HyprApiActionAdapter.addMachineToAppProfileWithPinEntry(activity, hyprAppProfileData.getDbId());
        } catch (HyprException exception) {
            exception.printStackTrace();
        }
    }
}

void addMachineWithDirectPin(Activity activity,
                                     String pin) {
    if (App.isHyprInitComplete()) {
        try {
            HyprAppProfileData hyprAppProfileData = App.getHyprDbAdapter().getCurHyprAppProfileData(activity);
            HyprApiActionAdapter.addMachineToAppProfileWithPinDirect(activity, hyprAppProfileData.getDbId(), pin);
        } catch (HyprException exception) {
            exception.printStackTrace();
        }
    }
}

Get Paired Machines

To perform an action with a paired machine, its Machine DB ID is required. This method will return the list of Machines.

Get Paired Machines Method

hyprAppProfileData.getHyprMachineProfileDatas() is used to get the list of HyprMachineProfileDatas.

This is a direct DB call and does not launch an Activity.

1. Using the example below, verify the HYPR Initialization is complete. If only using one App Profile, get the current Application Profile and the App Profile DB ID. App Profiles has more details.

2. From the App Profile, return the list of Machine Profiles with the getHyprMachineProfileDatas method.

The code sample below shows how to get a full list of paired machines and their DB IDs.

List<HyprMachineProfileData> getPairedMachines(Activity activity) {
    List<HyprMachineProfileData> list = new ArrayList<>();
    if (App.isHyprInitComplete()) {
        try {
            HyprAppProfileData hyprAppProfileData = App.getHyprDbAdapter().getCurHyprAppProfileData(activity);
            list = hyprAppProfileData.getHyprMachineProfileDatas();
        } catch (HyprException exception) {
            exception.printStackTrace();
        }
    }
    return list;
}

Update and Check Machine State

A machine can be in several states. An explanation of the possible statuses follows.

STATE	DESCRIPTION
INIT	This is the initial state. If a machine is in this state, it is not fully setup yet.
NO_STATUS	This is the state after a machine is fully registered, but before its state is checked.
INVALID_STATUS	There was an error checking the state.
UNLOCKED	The machine is unlocked.
UNREACHABLE	The machine is not reachable, usually because it is not connected to the Internet.
LOCKED	The machine is locked.

Depending on the state of the machine, it might not make sense to start certain actions. For example, if a computer is in the UNLOCKED state, then it makes no sense to unlock it.

Update Machine States Method

HyprApiActionAdapter.refreshWorkstationStatus() is used to launch an Activity to update the Machine States in the HYPR DB via the HyprApiActionAdapter:

The results are returned in onActivityResult with the resultCode of
HYPR_UPDATE_WORKSTATION_STATUS_ACT_REQ_CODE.

1. Using the example below, verify the HYPR Initialization is complete. If only using one App Profile, get the current App Profile and the App Profile DB ID. App Profiles has more details.

2. Pass that App Profile DB ID into the refreshWorkstationStatus method to start a HYPR SDK activity which will perform the call to the HYPR Server to get the Machine States and update those statuses automatically in the HYPR DB.

3. The success/fail results are returned in the onActivityResult method described in the HYPR Passwordless Activity Results section. The result code is HYPR_UPDATE_WORKSTATION_STATUS_ACT_REQ_CODE.

4. After this operation is complete and the results from onActivityResult are checked, obtain the current Machine State from the HYPR DB using the getPairedMachines method from the earlier section to get a list of Machine Profiles. Each Machine Profile will then contain the updated Machine State.

void updateMachineStates(Activity activity) {
    if (App.isHyprInitComplete()) {
        try {
            HyprAppProfileData hyprAppProfileData = App.getHyprDbAdapter().getCurHyprAppProfileData(activity);
            HyprApiActionAdapter.refreshWorkstationStatus(activity, hyprAppProfileData.getDbId());
        } catch (HyprException exception) {
            exception.printStackTrace();
        }
    }
}

void checkMachineStates(Activity activity) {
    if (App.isHyprInitComplete()) {
        List<HyprMachineProfileData> list = getPairedMachines(activity);
        for (HyprMachineProfileData machineProfileData : list) {
            String machineDbId = machineProfileData.getDbId();
            HyprMachineState machineState = machineProfileData.getMachineState();
            // update UI dependent on Machine State
        }
    }
}

Unlock a Machine

Machine Unlocks are done on a Machine Profile basis. Each Machine Profile has a DB ID that typically is passed into methods to tell the SDK which Machine Profile to use.

Unlock a Machine Method

HyprApiActionAdapter.unlockWorkstation() is used to launch an Activity to initiate a Machine Unlock via the HyprApiActionAdapter:

The results are returned in onActivityResults with the resultCode of
HYPR_LOGIN_ACT_UNLOCK_MACHINE_REQ_CODE.

1. In the example below, check to make sure that the HYPR Initialization is complete. Passed into the method is the Machine DB ID. You should be keeping track of Machine Profile DB IDs for your UI elements that correlate with Machines.

2. Pass that Machine Profile DB ID into the unlockWorkstation method to start a HYPR SDK activity which will perform the unlock.

3. The results are returned in the onActivityResult method described in the HYPR Passwordless Activity Results section. The result code is HYPR_LOGIN_ACT_UNLOCK_MACHINE_REQ_CODE.

void unlockMachine(Activity activity,
                   String machineDbId) {
    if (App.isHyprInitComplete()) {
        HyprApiActionAdapter.unlockWorkstation(activity, machineDbId);
    }
}

Offline Unlock

If Offline Unlock is enabled in the HYPR Control Center, a user can complete an Offline Unlock to receive a PIN that can be used to unlock their computer. This can be done regardless of whether or not the smartphone and/or the computer have an Internet connection. The code sample below shows how to initiate an Offline Unlock and how to retrieve the offline PIN on a successful authentication.

Prerequisites

To initiate an Offline Unlock, the following must be true:

• Offline Unlock is enabled (a check is done with the HYPR Control Center each time a standard online unlock is successfully completed)

• At least one successful online unlock was completed (required because an authentication payload is needed to start an offline unlock)

• There are unused offline PINs available

Offline Unlock is on a Machine Profile basis. Each Machine Profile has a DB ID that is passed to methods to tell the SDK which Machine Profile to use.

Offline Unlock

HyprApiActionAdapter.offlineUnlockWorkstation() is used to launch an Activity to initiate a Machine Offline Unlock via the HyprApiActionAdapter.

The results are returned in onActivityResults with the resultCode of
HYPR_LOGIN_ACT_UNLOCK_MACHINE_REQ_CODE.

1. Using the example below, verify the HYPR Initialization is complete. Machine DB ID is passed to the method. Keep track of Machine Profile DB IDs for your UI elements that correlate with Machines.

2. Check if the Offline Mode Unlock is available for use via the HyprOfflineData object. The Offline Data object can be retrieved from the Machine with getHyprOfflineData. From the Offline Data object, check to see that OfflineMode is enabled, that the Machine has performed a successful online unlock already, and that there are still Offline Tokens available for use.

3. If those conditions are satisfied, pass that Machine Profile DB ID into the offlineUnlockWorkstation method to start a HYPR SDK activity which will perform the Offline Unlock PIN Retrieval.

4. The results are returned in the onActivityResult method. The result code is HYPR_LOGIN_ACT_UNLOCK_MACHINE_REQ_CODE.

The PIN is contained in the onActivityResult intent data, in the HyprStatusResult object, the getSuccessPayload() method. PIN Retrieval from the data object is described in the HYPR Passwordless Activity Results section.

void offlineUnlock(Activity activity,
                   String machineDbId) {
    if (App.isHyprInitComplete()) {
        if (isOfflineModeAvailableAndReadyToUse(activity, machineDbId)) {
            HyprApiActionAdapter.offlineUnlockWorkstation(activity, machineDbId);
        }
    }
}

boolean isOfflineModeAvailableAndReadyToUse(Activity activity,
                                            String machineDbId) {
    try {
        HyprOfflineData offlineData = App.getHyprDbAdapter().getMachineProfileByDbId(activity, machineDbId).getHyprOfflineData();

        boolean isOfflineEnabled = offlineData.isOfflineEnabledAndSetup();
        boolean hasPerformedOnlineUnlockWithOfflineEnabled = offlineData.hasPerformedOnlineUnlockWithOfflineEnabled();
        boolean isTokensRemaining = offlineData.getTokenCountRemaining() > 0;

        return isOfflineEnabled && hasPerformedOnlineUnlockWithOfflineEnabled && isTokensRemaining;

    } catch (HyprException exception) {
        exception.printStackTrace();
        return false;
    }
}

Unpair a Machine

Unpairing a Machine is done on a Machine Profile basis. Each Machine Profile has a DB ID that is passed to methods to tell the SDK which Machine Profile to use.

Unpair a Computer Method

HyprApiActionAdapter.deleteWorkstation() is used to launch an Activity to initiate a Machine Unpair via the HyprApiActionAdapter.

The results are returned in onActivityResults with the resultCode of HYPR_DELETE_WORKSTATION_ACT_REQ_CODE.

1. Using the example below, check to make sure that the HYPR Initialization is complete. Passed into the method is the Machine DB ID. Keep track of Machine Profile DB IDs for your UI elements that correlate with Machines.

2. Pass that Machine Profile DB ID into the deleteWorkstation method to start a HYPR SDK activity which will perform the unpair.

3. The results are returned in the onActivityResult method described in the HYPR Passwordless Activity Results section further below. The result code is HYPR_DELETE_WORKSTATION_ACT_REQ_CODE.

void unpairMachine(Activity activity,
                   String machineDbId) {
    if (App.isHyprInitComplete()) {
        HyprApiActionAdapter.deleteWorkstation(activity, machineDbId);
    }
}

HYPR Passwordless Activity Results

Results from all HyprApiActionAdapter operations are returned in the onActivityResults method. The standard result code returned for a successful HYPR SDK for Android Operation activity result is HYPR_ACT_RES_CODE_SUCCESS.

@Override
protected void onActivityResult(int requestCode,
                                int resultCode,
                                Intent data) {
    if (resultCode == HYPR_ACT_RES_CODE_SUCCESS) {
        handleSuccess(requestCode, data);

    } else {
        handleFailure(requestCode);
    }
}

void handleSuccess(int requestCode,
                   Intent data) {
    switch (requestCode) {
        case HYPR_OOB_DEVICE_SETUP_ACT_REQ_CODE:
            Toast.makeText(this, "Pairing Successful", Toast.LENGTH_SHORT).show();
            break;

        case HYPR_UPDATE_WORKSTATION_STATUS_ACT_REQ_CODE:
            Toast.makeText(this, "Update Status Successful", Toast.LENGTH_SHORT).show();
            break;
            
        case HYPR_LOGIN_ACT_UNLOCK_MACHINE_REQ_CODE:
            String pinText = "";
            if (data != null && data.hasExtra(INTENT_KEY_HYPR_STATUS_RESULT)) {
                HyprStatusResult hyprStatusResult = (HyprStatusResult) data.getSerializableExtra(INTENT_KEY_HYPR_STATUS_RESULT);
                if (hyprStatusResult != null) {
                    pinText = hyprStatusResult.getSuccessPayload();
                }
            }

            if (!TextUtils.isEmpty(pinText)) {
                // Offline login was performed. Offline PIN retrieved and can be displayed by the UI.
                Toast.makeText(this, "Offline Unlock PIN Retrieval Successful", Toast.LENGTH_SHORT).show();
            } else {
                // Standard login was performed. Handle standard login success here.
                Toast.makeText(this, "Unlock Machine Successful", Toast.LENGTH_SHORT).show();
            }
            break;

        case HYPR_DELETE_WORKSTATION_ACT_REQ_CODE:
            Toast.makeText(this, "Delete Machine Successful", Toast.LENGTH_SHORT).show();
            break;

        default:
            Toast.makeText(this, "Unknown Success", Toast.LENGTH_SHORT).show();
    }
}

void handleFailure(int requestCode) {
    switch (requestCode) {
        case HYPR_OOB_DEVICE_SETUP_ACT_REQ_CODE:
            Toast.makeText(this, "QR Pairing Failed", Toast.LENGTH_SHORT).show();
            break;

        case HYPR_UPDATE_WORKSTATION_STATUS_ACT_REQ_CODE:
            Toast.makeText(this, "Update Status Failed", Toast.LENGTH_SHORT).show();
            break;

        case HYPR_LOGIN_ACT_UNLOCK_MACHINE_REQ_CODE:
            Toast.makeText(this, "Unlock Machine Failed", Toast.LENGTH_SHORT).show();
            break;

        case HYPR_DELETE_WORKSTATION_ACT_REQ_CODE:
            Toast.makeText(this, "Delete Machine Failed", Toast.LENGTH_SHORT).show();
            break;

        default:
            Toast.makeText(this, "Unknown Failure", Toast.LENGTH_SHORT).show();
    }
}

SDK for iOS

Functionality on macOS

Currently, it is possible to log into, but it not possible to unlock, a macOS machine using HYPR.

Things to Know about the HYPR SDK for iOS

HYPRUserAgent Data Model

HYPRUserAgent may have multiple profiles; each profile may have multiple userAccounts; each user accoun may have multiple RemoteDevices (Workstations).

This document focuses on the interaction with RemoteDevices (Workstations). If your App will have workstations from more than one server or rpAppId, your SDK will include more than one profile and corresponding userAccount. In this case, to interact with the workstation you must switch the active profile and (optional) active account to match the workstation with which the user wants to interact. In most cases, each profile will have only one account, and switching the profile will be enough.

Switching Profiles

// Switch profile
HYPRUserAgent.sharedInstance().switchActiveProfile(profile)
// Switch account (optional in most of the cases)
HYPRUserAgent.sharedInstance().switchActiveUserAccount(account)

Before Starting the Interaction with Workstations

First we need to setup the SDK:

SDK Setup Options

// Enable the authenticators
        HYPRUAFClient.registerAuthenticatorModule(HYPRFingerprintAsm.self)
        HYPRUAFClient.registerAuthenticatorModule(HYPRFaceIDAsm.self)
        HYPRUAFClient.registerAuthenticatorModule(HYPRFaceAsm.self)
        HYPRUAFClient.registerAuthenticatorModule(HYPRPINAsm.self)
               
 // Optional: For sending/receiving HTTP Headers in HYPR SDK calls
        HYPRUserAgent.setCustomHeadersDelegate(self)
        
 // Enable or Disable SSL Pinning
        HYPRUserAgent.setSSLPinningEnabled(false)
        
 // Optional: Enable default AAID Picker UI for UserAgent
        HYPRUserAgent.setAAIDPickerViewEnabled(true)
        
 // Optional: Set AAIDPickerViewController if previous set to true
        let viewController = UIStoryboard(name:"Main", bundle: nil).instantiateViewController(withIdentifier: "PickerViewController")
        HYPRUserAgent.setAAIDPickerViewController(viewController)
        
 // Optional: Set the Face Authenticator Parameters
        HYPRFaceAsm.setTimeout(60000)

To present the HYPR SDK for iOS UI (authenticators and AAIDPicker) we'll need to setup the presenting view controller or parent view controller, as we call it. Depending on your App's implementation it could be done once the entire HYPR SDK for iOS UI will be present at the same view controller; or you may need it to set each time you go to another place - for example, in the viewWillAppear method:

viewWillAppear function

override func viewWillAppear(_ animated: Bool) {
    super.viewWillAppear(animated)
    HYPRUserAgent.setParentViewController(self)
}

Pairing/Registration

Before pairing the computer to your mobile app, it is required to setup the profile, which corresponds to the Relying Party (RP) server and rpAppId. There are two ways to do it:

• License configuration: Using the QR code or PIN, the SDK configures itself; this process includes setting up the RP profile and pairing the first workstation

• Manual configuration: You specify the RP URL and rpAppId; you must pair the workstation explicitly

Manual Configuration

Create and set the profile. This procedure should be executed once per RP server/rpAppId pair. You should execute it more times if the user is going to pair workstations from different rpAppIds/RP servers. In most cases your users will interact with workstations within a single RP server or rpAppId, so you could set it in the App delegate.

Manual Profile Creation

// If app profile does not exist, create a new one
if HYPRUserAgent.sharedInstance().activeProfile() == nil {
// Create the profile configuration where you specify the following:
		let profileConfig = HYPRUserAgentProfileConfiguration(rpAppId: "RP App ID here: i.e. HYPRDefaultApplication",
                                                  		rpServerUrl: "Place the RP URL here: i.e. https://9999-pov.hypr.com",
                                                   		 deviceType: "WORKSTATION",
                                          	  rpSSLPinCredentials: nil,// or ssl pin credentials if you have ones and set sslPinning to true in setup
                                               		 additionalData: nil)

// Create the profile with the profile configuration
		let profile = HYPRUserAgentProfile(displayName: "<Your profile name goes here>", configuration: profileConfig, persona: nil, userAccounts: nil)
            
		HYPRUserAgent.sharedInstance().registerProfile(profile!)
}

After the profile is set, pair your first workstation via QR code scanner.

Pair via QR Code

HYPRUserAgent.sharedInstance().registerRemoteDevice(forUser: nil, pinInputType: .qRCodeScan , actionId: "<Your policy name goes here>") { (error) in
    if(error != nil) {
        // Error handling goes here
    } 
}

In both cases the user will be prompted to authenticate via matched authenticators, according to the specified policy. Policies are set on the Control Center for each rpAppId.

Critical Step

To dictate what authenticators to use during registration, authentication, and deregistration, you must create a policy that specifically requires them. Details are found under Policy Matching.

Both types of registration can be cancelled via the corresponding HYPRUserAgent method calls.

Cancel Registration

HYPRUserAgent.sharedInstance().cancelLicenseConfiguration { (error) in 
		// Error handling goes here
}

HYPRUserAgent.sharedInstance().cancelRegisterRemoteDevice { (error) in 
		// Error handling goes here
}

Operations

Here are the operations which can be performed on the paired device.

unlock

This operation includes unlock and login (if supported and corresponding settings are turned ON). From the HYPR SDK for iOS perspective, it is the same operation:

HYPRUserAgent.sharedInstance().unlock(workstation) { (error) in 
		// Error handling goes here
}

During this operation the user will be prompted to authenticate according to the registered authenticators and received policy from the server.

Unlock can be cancelled via the corresponding HYPRUserAgent method call.

HYPRUserAgent.sharedInstance().cancelUnlock(workstation, completion: { (error) in
		// Error handling goes here
})

updateRegisteredRemoteDevicesStatuses

When called, this operation will update the status of all workstations belonging to the active user account. You may want to call this method before trying to unlock the workstation. For example, it may be already unlocked, and you want to notify the user accordingly. Check the HYPRUserAgentRemoteDevice.h class in the HYPR SDK for iOS framework for reference.

HYPRUserAgent.sharedInstance().updateRegisteredRemoteDevicesStatuses { (error) in
		// Error handling goes here
}

Local Operations

rename and (set as) default don't affect any server or workstation settings.

// Rename the workstation
let updatedWorkstation = HYPRUserAgent.sharedInstance().renameRemoteDevice(workstation, withDisplayName: name)
// Set the workstation as a defaulf for active account
updatedWorksation = HYPRUserAgent.sharedInstance().setRemoteDevice(workstation, default: true)

// Also you can get the active user's default workstation:
let defaultWorkstation = HYPRUserAgent.sharedInstance().defaultRemoteDevice()?

Offline Access

If set properly in the Control Center, users will be able to access (unlock) their workstations without an Internet connection using the offline tokens. To use this functionality they must pair their workstation with an iPhone and perform online unlock/login at least once before going offline to allow HYPR to preemptively cache the credentials.

There are two methods available:

// Getting the offline access info
let workstationOfflineAccessInfo = try? HYPRUserAgent.sharedInstance().offlineAccessInfo(for: workstation) {
    // Present UI with obtained info if needed                    
}

// Getting the offline access token to make user enter it on workstation instead of a password
HYPRUserAgent.sharedInstance().consumeOfflineToken(for: workstations, completion: { (token, info, error) in
		// Error handling, token presentation on UI goes here
}

In the second method, during the consumeOfflineToken operation, the user will be prompted to authenticate according to the registered authenticators and cached policy from the server.

Please also refer to the HYPROfflineAccessInfo.h class in HYPR SDK for iOS.

Deregister/Unpair

To unpair the existing workstation from the iPhone, the method takes an array of the workstation as a parameter.

HYPRUserAgent.sharedInstance().deregister([workstation], completion: { (error) in
		// Error handling goes here            
})

You may want to deregister the entire profile. To do so you must manually create and add it the next time the user wants to pair the workstation, or it will be created automatically via the licenseConfiguration call, as described in the beginning of this article.

HYPRUserAgent.sharedInstance().deregisterProfile(activeProfile) { (error) in
		// Error handling goes here
}

Limit the Number of Workstations

To limit the number of workstations a user can pair, use the following method:

HYPRUserAgent.sharedInstance().setWorkstationsLimit(NSNumber(integerLiteral: 9))