8.1.0 Release Notes

What's New?

Release DateProduct/VersionPlatformNotes
March 29, 2023HYPR Workforce Access Client for Windows 8.1.0Windows (10, 11)Reboot required if upgrading from 7.6 or below; Security Key Support for Yubikey 5 Plus and Feitian ePass K9 Plus, K40 Plus and their offshoots
March 29, 2023HYPR Workforce Access Client for Mac 8.1.0macOS (High Sierra, Mojave, Catalina, Big Sur, Monterey, Ventura)Security Key Support for Yubikey 5 Plus and Feitian ePass K9 Plus, K40 Plus and their respective offshoots
March 29, 2023HYPR Mobile App for Android 8.1.0Android 8.0+
March 29, 2023HYPR Mobile App for iOS 8.1.0iOS 12.4+
March 29, 2023HYPR Server 8.1.0ServerUpgrade to 7.10 required before upgrading to 8.0.0 or higher
March 29, 2023HYPR Android SDK 8.1.0Android 8.0+
March 29, 2023HYPR iOS SDK 8.1.0iOS 12.4+


Backward Compatibility

All HYPR components are fully compatible across the three previous/subsequent minor (X.X) HYPR releases.

New Features

(HYPR Mobile App - All) My Security Keys section in the HYPR Mobile App menu
HYPR Mobile App now includes a menu category, My Security Keys which displays paired security keys, including HYPR Enterprise Passkeys.

(HYPR Mobile App, HYPR iOS and Android SDK) QR Fallback
When pairing with a QR Code via either the HYPR Device Manager/Magic Link or via the Workforce Access Client, or logging into a workstation using a QR Login, but the user cannot use the device's camera, an option is provided to initiate a manual activation code entry. The code is presented to the user on-screen, and then entered into the HYPR Mobile App to complete pairing or authentication. Additionally, when using a Keycloak authentication flow, the UI has been updated to honor QR Fallback via the HYPR Mobile App.

(Platform) HYPR Enterprise Passkey
HYPR is proud to present a unique offering that will turn your device's HYPR Mobile App into a security key when authenticating via Azure AD. This method is certified as a Microsoft-compatible FIDO2 security key.

HYPR plans to extend this functionality across other IdPs in the near future.

(Platform - Integrations) User Enrollment Drawer
HYPR Integrations now offer a more standardized experience around Integrations' Enroll Users drawer. Users can now be added in bulk or individually, and can be uploaded using a .csv file. Enrolling users can be done regardless of the Enabled/Disabled state of the integration.

(Workforce Access Client - Windows) Non-exportable Private Keys / Certificate Template for Security Keys
When enabled, non-exportable private keys prevents the private key stored on a physical security key from being exported; likewise, the key is generated on the security key, so it never leaves, and never can. This feature is mutually exclusive to Recovery PINs.


(Control Center) FIDO2 Configuration Options
FIDO2 Settings now includes more robust FIDO2 configuration options in addition to the Client Origin URL:

  • Discoverable Credentials
  • User Verification Mode
  • Attestation Type

All of these properties are also reflected under integrations' Login Settings -> FIDO2 Settings panel. See FIDO2 Settings for a full description.

(Control Center) Support for Multi-region Installations
Multiple servers in different regions replicate the database to guarantee persistence for enrolled users.

(Platform - Integrations - Azure AD) HYPR Native Login (previously existing Azure AD Integration)

  • Azure AD Integration is now entitled HYPR Native Login; it optionally can take advantage of Conditional Access Policy Templates
  • The Domain Name Administrator role must be added to the HYPR Service Account in Azure, or CC will generate an error stating, "Insufficient privileges to complete the operation," when attempting to Enable or Disable the Integration

(Workforce Access Client - Mac) Security Key Support on macOS
macOS users now can enjoy basic workstation Security Key support for verified PIV-capable security key models. See Requirements for the full list of supported models. macOS Security Key Support does not include the following functionality:

  • Recovery PINS for security keys
  • Non-exportable private keys
  • Certificate Renewal for security keys


Indicates when a QR fallback cache request is made, regardless of whether the attempt was successful or not. This is handled entirely by Control Center and occurs when the new endpoint /rp/device/pendingqr receives a request.

For a full list of HYPR Events, see Event Descriptions.

Error Messages

  • (HYPR Mobile App for IOS - QR Fallback) 101089: HYPRErrorUserAgentManualCodeEntryFailed

To see all HYPR errors by component, see HYPR Error Codes Troubleshooting Table.


  • FIDO2 /attestation/result request accepts three new fields: transports, authenticatorAttachment, and clientExtensionResults
	"response": {  
		"transports": [...]  
	"authenticatorAttachment": ...,  
	"clientExtensionResults": {  
		"credProps": {  
			"rk": true  
  • FIDO2/assertion/result request accepts a new field: authenticatorAttachment

You can find detailed descriptors of these and other API calls in HYPR's full Postman API set here.

General Improvements

  • (Control Center) Sensitive or redacted attributes don't appear in the log clear text; unknown values default to an empty value
  • (Device Manager) "Begin Pairing" has been removed and the QR code now auto-refreshes every 60 seconds
  • [HYPR Mobile App] Improved labeling of the Support button to bolster Accessibility support
  • (Platform - Integrations - Okta) Add "Desktop SSO" capability to "Login Settings"
  • (SDK for Android) Allow Background to Cancel registration
  • (Workforce Access Client for Mac) Support for macOS Ventura (v.13)

Upcoming Changes

Early Access: Single Registration
HYPR now only requires a pairing in one component of the HYPR system, instead of pairing separately with the Device Manager or the Workforce Access Client. When paired in one, you will be automatically prompted to complete the pairing on the other, and thereafter that pair will appear universally in all HYPR authentication options for that RP Application.

HYPR Branding Changes
You may have noticed HYPR content shifting to include a fingerprint theme; likewise, we are changing some of our product names in 8.2.0 to standardize their labeling. Some are still the old familiar titles you know and love.

We've included the full list here:

New HYPR NameLegacy HYPR Server Name
HYPR CloudHYPR Cloud
New HYPR NameLegacy HYPR Mobile App Name
HYPR for iOSHYPR Mobile App for Android
HYPR for AndroidHYPR Mobile App for iOS
HYPR Enterprise PasskeyHYPR FIDO2 Mobile Authenticator
New HYPR NameLegacy HYPR Workforce Access Client Name
HYPR Passwordless for WindowsHYPR Workforce Access Client for Windows
HYPR Passwordless for MacHYPR Workforce Access Client for Mac
New HYPR NameLegacy HYPR SDK and API Names
HYPR SDK for AndroidHYPR SDK for Android
HYPR SDK for GolangHYPR SDK for Golang
HYPR SDK for JavaHYPR SDK for Java
HYPR SDK for JavaScriptHYPR SDK for JavaScript
HYPR SDK for PythonHYPR SDK for Python
HYPR Server APIsServer API
New HYPR NameLegacy HYPR Integration Name
HYPR for OktaOkta
HYPR for WorkspaceGoogle Workspace
HYPR for OneLoginOneLogin
HYPR for AzureAzure
HYPR for Ping DaVinciPing DaVinci
New HYPR NameLegacy HYPR Feature Name
HYPRspeedDesktop SSO
New HYPR NameLegacy HYPR Plugin Name
HYPR for Ping FederatePing Federate
HYPR for SiteMinderSiteMinder
HYPR for ForgeRockForgeRock

Bug Fixes

  • (Platform - Integrations - Azure) QR authentication remains functional after updating the integration
  • (Platform - Integrations - OneLogin) User roles added when the integration was enabled persist when the integration is disabled
  • (Platform - Integrations - Ping DaVinci) Redirect URLs are now validated before being allowed
  • (Workforce Access Client - Mac) When using Touch ID, the login dialog no longer persists
  • (Workforce Access Client - Windows) User presence check during registration is no longer broken by Windows Update

Known Issues

  • (Workforce Access Client - All) QR Fallback APP NAME value, if long enough, cuts off at the edge of the dialog box instead of wrapping
  • (HYPR Mobile App - Android) QR Fallback PIN must be lowercase but allows uppercase characters; if the PIN is not all lowercase, the Submit button will not activate
  • (Workforce Access Client - macOS) If a user is paired with more than one device (either security key or mobile phone), macOS might prompt the user for a password to unlock the keychain; this occurs because the operating system ties the keychain token to only one unique certificate, while each HYPR device certificate pair is unique