
Certificate Renewal for the HYPR Mobile App: Admins

User Experience

The Certificate Renewal user experience is detailed under HYPR Passwordless Device Management.

HYPR certificate renewal extends to devices with the HYPR Mobile App (Android and iOS) installed. As with other certificate renewals in HYPR, HYPR Passwordless for Windows warns the user 30 days before expiration that a renewal is pending; from 7 days before expiration, the user can no longer Snooze the message.

How It Works

For HYPR Mobile App authentication, the HYPR Passwordless for Windows client uses certificates issued by the Active Directory (AD) Certificate Authority (CA).

To help ensure the certificate remains valid, HYPR Passwordless attempts to renew the certificate automatically as the expiration date approaches, by default 30 days in advance. If the renewal is not completed, HYPR Passwordless actively reminds the user until it is. These thresholds are set by manually updating the following registry parameters found under Computer\HKEY_LOCAL_MACHINE\SOFTWARE\HYPR Workforce Access:

  • Reenroll Certificate Before Expiration Days: The number of days before expiration to alert the user; defaults to 30

  • Reenroll Certificate Notify Before Expiration Days: The number of days before expiration to actively request the user to complete their renewal; defaults to 7
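
To check which thresholds are in effect on a workstation and where a user's certificates stand against them, an administrator can run a script like the following. It is an added example, not HYPR code; it assumes the certificate sits in the current user's Personal store, and `$IssuerMatch`, `Get-HyprThreshold` and `Get-RenewalState` are hypothetical names introduced here.

```powershell
# Added example, not HYPR code. Assumptions: the certificate is in the current
# user's Personal store, and $IssuerMatch is a placeholder for your AD CA name.
param([string]$IssuerMatch = 'EXAMPLE-ISSUING-CA')

$keyPath  = 'HKLM:\SOFTWARE\HYPR Workforce Access'
$defaults = @{
    'Reenroll Certificate Before Expiration Days'        = 30
    'Reenroll Certificate Notify Before Expiration Days' = 7
}

function Get-HyprThreshold([string]$Name) {
    # Use the registry value when present, otherwise the documented default.
    $item = Get-ItemProperty -Path $keyPath -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item -and $null -ne $item.$Name) { return [int]$item.$Name }
    return [int]$defaults[$Name]
}

function Get-RenewalState([int]$DaysLeft, [int]$AlertDays, [int]$NotifyDays) {
    if ($DaysLeft -lt 0)           { return 'Expired' }
    if ($DaysLeft -le $NotifyDays) { return 'Active renewal request' }
    if ($DaysLeft -le $AlertDays)  { return 'Alert window' }
    return 'OK'
}

$alertDays  = Get-HyprThreshold 'Reenroll Certificate Before Expiration Days'
$notifyDays = Get-HyprThreshold 'Reenroll Certificate Notify Before Expiration Days'
Write-Host "Effective thresholds: alert at $alertDays days, active request at $notifyDays days"

# Assumption: the active-request window should sit inside the alert window,
# as it does with the defaults (7 inside 30).
if ($notifyDays -gt $alertDays) {
    Write-Warning 'Notify threshold is larger than the alert threshold; review both values.'
}

$now = Get-Date
Get-ChildItem Cert:\CurrentUser\My |
    Where-Object { $_.Issuer -like "*$IssuerMatch*" } |
    ForEach-Object {
        $daysLeft = [int][math]::Floor(($_.NotAfter - $now).TotalDays)
        [pscustomobject]@{
            Subject    = $_.Subject
            Thumbprint = $_.Thumbprint
            NotAfter   = $_.NotAfter
            DaysLeft   = $daysLeft
            State      = Get-RenewalState $daysLeft $alertDays $notifyDays
        }
    }
```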

Upon identifying that a certificate renewal is required, the following steps occur:

  • HYPR Passwordless will request a new certificate for the user

  • During the next login/unlock session using the HYPR Mobile App, the workstation will transfer the new certificate to the HYPR Mobile App through the Control Center

  • The subsequent login/unlock events using the HYPR Mobile App will use the new certificate to establish the login session

Privacy, Please

Certificate renewal requires participating users to be connected to a secure network (VPN, domain-joined, etc.) to function. Don't worry, though - HYPR will remind them if they are not securely connected.