Certificate Renewal for the HYPR Mobile App: Users
HYPR certificate renewal extends to devices with the HYPR Mobile App (Android and iOS) installed. As with other certificate renewals in HYPR, HYPR Passwordless for Windows will warn the user at 30 days that a pending renewal awaits, and at 7 days, the user will no longer be able to Snooze the message.
To configure the Certificate Renewal user experience, see Certificates in HYPR.
Certificate renewal requires participating users to be connected to a secure network (VPN, domain-joined, etc.) to function. Don't worry, though - HYPR will remind them if they are not securely connected.
Workstation certificate operations appear under RP Applications > Workstation > Certificates in the HYPR Passwordless API.
HYPR Passwordless Client Warnings
The user will receive warnings from the system tray when a certificate must be renewed, or if conditions prevent the update.
Lock and Unlock the Computer
The following message displays upon successful certificate renewal:
"Please lock your computer and unlock it with HYPR Mobile App to complete an update."
-
Click OK.
-
Lock the computer, then unlock it with the HYPR Mobile App to complete re-enrollment.
-
Users don't need to do anything else until the next time the certificate must be renewed.
HYPR Account Update Needed
The following message displays if the user is not securely connected:
"Please connect to the company intranet or VPN to renew your HYPR account. If your account expires, you will be unable to log in with your HYPR Mobile App."
-
Click Remind Me Later to dismiss the message until later.
-
Click OK to dismiss the message without a reminder.
-
If you cannot update your account, you may need to contact an admin for assistance before renewing the HYPR Mobile App certificate.
Automatic Account Update Failed
The following message displays when certificate re-enrollment fails:
"There is a problem attempting to renew your HYPR account. It may result in you being unable to log in with your HYPR Mobile App. Please ensure that you're connected to the company's secure network."
-
Click Remind Me Later to dismiss the message until later.
-
Click Contact Support to get assistance with your HYPR account.
Environmental Considerations
Certificate Renewal with Roaming Access
Roaming access is not adversely affected by Mobile Certificate Renewal; however, the workstation that performs the certificate renewal will act as the "origin point" for certificate transfers needed to enable roaming access. Notifications may appear wherever the affected user is logged in, but renewal must be performed at the original workstation by which the certificate was introduced to HYPR.
HYPR Versioning Limits
Mobile Certificate Enrollment may not function as expected if the HYPR components involved in the process are not of a version that supports the functionality. Make sure all HYPR components (Control Center, HYPR Passwordless, and the HYPR Mobile App) are all on the latest version in your environment.
Troubleshooting
The current certificate is expired but the new certificate is not generated.
This can occur for the following reasons:
-
The user was absent for extended period of time (e.g., sabbatical)
-
The computer is used rarely (e.g., as a second computer)
-
The computer was not on corporate network for a while (required to connect to Active Directory)
Nothing can be done to automatically re-enroll in such circumstances, except to notify the user to connect to corporate network or use VPN to re-enroll a new certificate.