App User Management
User Management is shown on a per-application basis. It appears in several places throughout Control Center:
- In Standard Mode: Integrations for each integration's associated RP Application
- In Standard Mode: Workstation under the User Management tab
- In Advanced Mode: App Properties for the Application selected under Choose an App
In all cases the experience is the same; clicking a username will reveal their associated authentication methods.
The calls to perform CRUD operations on users, including lists, user alias and email associations, revealing recovery PINs, and locking/unlocking authenticators, can be found under RP Applications > Application Properties > User Management in the HYPR Passwordless API collection.
Calls for Magic Links administration can be found under RP Applications > Advanced Configuration > Magic Links in the HYPR Passwordless API Collection.
View and manage Application user activity. Users are added to the Application via Magic Links or the HYPR Passwordless client. Once they have completed registration via the HYPR Mobile App, they will appear in the table on this page.
In addition to seeing past activity for users, administrators can monitor a user’s login activity, view additional information about the devices they’ve registered, reveal a recovery PIN, or delete the user to prevent future logins.
Monitoring Workstation User Activity
The User Management page shows a list of all users who’ve installed HYPR Passwordless on their workstation and successfully registered a device. You can filter the results for a particular user by entering all or part of their name in the Search field.
The top-level entry for a user will display columns for Email, Username, Name, Device Count, Last Active, and Actions (Delete the user).
| User Columns | Description |
|---|---|
| The user's email address. | |
| Username | Username of the user who logged in to the Application. Workstation Applications show the workstation-authenticated username; Web Applications show the email used to authenticate |
| Name | The full name of the user, if applicable. Defaults to N/A if no value is present. |
| Device Count | The number of devices paired. |
| Last Active | Time the user was last active on the workstation or web |
| Actions | Delete; see Deleting a Workstation User |
Clicking the downward chevron next to the Email entry will expand to display more details about the user's activity. The expanded view lists all devices paired for that user, including fields for Device Name, Last Active, and Delete.
| User Columns | Description |
|---|---|
| Device Name | The name of the device; this is changeable in the user's Device Manager page. |
| Last Active | The last time this device was used. |
| Delete | Delete the device pairing from the user account. |
Clicking the Device Name entry will open a device details dialog that includes two tabs.
Mobile Devices
Details on the phone/tablet, including the ability to delete the paired device, are shown in the following columns:
| Mobile Devices Columns | Description |
|---|---|
| Model | The model of the device (e.g., Moto X or Samsung Galaxy S) |
| Mobile OS | Android or iOS |
| Device ID | The unique identifier for the device. |
| FIDO ID | The unique FIDO identifier for the user. |
| Last Active | The time the device was last used. |
| Date Created | The time the device pairing was created. |
| Authenticators | Icons representing the number of viable methods in use with the pairing. |
| Actions | Delete the device pairing. |
| Workstation ID | The unique identifier for the machine. |
| Workstations | Name(s) of paired workstations. |
| Recovery PIN | Only displays if Recovery Mode is enabled. Displays a button labeled Click to Reveal PIN which, when clicked, will retrieve the recovery PIN if needed |
| Date Created | The time the workstation pairing was created. |
| Actions | Delete the device pairing. This action cannot be undone, and the user must register again to access the Application with this device. |
Security Keys
Details on the security key, smart-card or passkey (including native biometrics), plus the ability to delete the device, are shown in the following columns. In cases where a mobile device is being used as an Enterprise Passkey, it may appear in this list.
| Security Keys Columns | Description |
|---|---|
| Device Name | This will display the manufacturer of the mobile device (e.g., iPhone or Samsung) |
| Firmware | The device's firmware version |
| Model | A breakdown of the Mobile Devices the user has paired with the Application |
| Last Active | (as Last Login, above) Time the user last logged in to the workstation or web |
| Date Created | (as above) Time the user first registered the device to the workstation or web |
| Certificate Serial Number | The certificate's serialized identifier, if present |
| Unlock Code | Only displays if Security Key Recovery Mode is enabled. Displays a button labeled Click to reveal which, when clicked, will retrieve the security key or smart-card's PIN Unlock Key (PUK) if needed (Standard Security Key | YubiKey Bio MPE) |
| Delete | (as above) Clicking the trash can icon will revoke the user's ability to log into workstation or web with this security key or smart-card; this action cannot be undone, and the user must register again to access the Application with this security key or smart-card. |
Deleting a Workstation User
To revoke a user’s ability to login to their workstation using HYPR, click the Delete (trash can) icon at the right side of the user's entry. Confirm the choice by clicking YES, DELETE in the Delete User dialog.
Deleting a login is an irreversible action and cannot be undone. Please make sure the user has a valid password for their workstation account since they’ll no longer be able to use their mobile device to log in.