Skip to main content

Certificate Renewal for Security Keys

User Experience

The Certificate Renewal user experience is detailed under HYPR Passwordless Device Management.

For HYPR Mobile App authentication, the HYPR Passwordless for Windows client uses certificates issued by the Active Directory (AD) Certificate Authority (CA).

To help ensure security key and smart-card certificates remain valid, HYPR Passwordless will start notifying the user to plug in their key and renew the device's certificate when the expiration date is approaching. If this action remains incomplete, HYPR Passwordless will actively remind the user until renewal is accomplished. This is governed by manually updating the following registry parameters found under Computer\HKEY_LOCAL_MACHINE\SOFTWARE\HYPR Workforce Access:

  • Reenroll Certificate Before Expiration Days:

    • The number of days before expiration to alert the user

    • Snooze option available

    • Defaults to 30

  • Reenroll Certificate Notify Before Expiration Days:

    • The number of days before expiration to actively request the user to complete their renewal

    • Snooze option available

    • A red warning label of Renew Key will appear in HYPR Passwordless over the key's icon in the pairing roster

    • Defaults to 7

  • At 1 day prior to expiration, the Snooze button will no longer be an option; this is not configurable

Privacy, Please

Certificate renewal requires participating users to be connected to a secure network (VPN, domain-joined, etc.) to function. Don't worry, though - HYPR will remind them if they are not securely connected.