Skip to main content
Version: 11.3.0

HYPR Playbooks

Explore our collection of deployment and feature guides. Click a playbook to open it in a new browser tab.


Affirm Playbooks

Identity Verification and Assurance Strategies Playbook

Description:

  • Target audience: IT and security professionals deploying HYPR Affirm for automated, secure, and passwordless identity verification.
  • Provides a comprehensive guide to requirements analysis, verification flow configuration, and integration with identity providers such as Okta and Entra.
  • Details how to leverage HYPR Affirm’s advanced verification methods—including document and facial recognition, location checks, and live chat/video verification—to prevent identity fraud and streamline onboarding, recovery, and administrative processes.
  • Helps organizations achieve enhanced security, improved user experience, and regulatory compliance, with flexible verification flows tailored to their business needs and risk levels.

For more information, see HYPR Affirm.


Affirm to Enterprise Passkey Seamless Integration

Description:

  • Kick off Enterprise Passkey provisioning right after HYPR Affirm verification.
  • Covers configuration of Injectable Outcomes and Magic Link creation to deliver a registration button on the Affirm end screen.
  • Ideal companion to the Enterprise Passkey and HYPR Passkey setup and user experience guides.

Deployment Playbooks

CIAM Deployments for Passkeys Playbook

Description:

  • Target audience: Product and engineering teams deploying passkeys for customer identity workflows (CIAM).
  • Explains user experience flows and key facts about passkeys, including browser and platform variations.
  • Provides configuration steps, sample client code, testing guidance and rollout considerations.

HYPR Passkeys in Okta Environments

Description:

  • Target audience: Enterprise IT administrators and security teams deploying HYPR Passkeys in Okta environments.
  • Demonstrates how enterprises can use HYPR Passkeys in Okta as an alternative to dynamic link-based authentication.
  • Ideal for organizations where dynamic links (HYPRLinks) or QR codes may be problematic or unreliable.
  • Compares HYPR Mobile App flow (dynamic link-based) versus Passkey flow, highlighting that passkey authentication requires no dynamic links or QR codes.
  • Explains how passkey login can be added to existing registrations without disrupting current authentication methods.

Risk-based Authentication Strategies Playbook

Description:

  • Target audience: Security and platform teams deploying risk-based authentication using HYPR Adapt.
  • Covers signal ingestion, policy authoring and safe deployment practices.
  • Includes feature flag and “out of the box” policy reference information.

HYPR Windows Passwordless Login using Smartcard Playbook

Description:

  • Target audience: IT administrators deploying smart card and certificate-based passwordless authentication on Windows.
  • Covers environment readiness, installation, pairing and validation.
  • Includes guidance for remote desktop access, roaming users and operational best practices.

Enterprise Passkey and HYPR Passkey Playbook

Description:

  • Target audience: IT administrators and security teams deploying passwordless sign-in on Windows with Microsoft Entra ID
  • End-to-end setup for Enterprise Passkey and HYPR Passkey
  • Includes Administrator configuration, User experience, and Troubleshooting guides
  • Covers Microsoft Entra ID, HYPR Control Center, HYPR Mobile App, and HYPR Passwordless for Windows
  • Supports non-domain-joined, on-premises Active Directory, Entra domain-joined, and hybrid-joined workstations
  • Enables mobile-as-passkey with web-to-workstation and workstation-to-web flows, including Magic Links

Simplifying User Experiences with Single Registration Playbook

Description:

  • Target audience: IT administrators and security architects who want to streamline passwordless authentication across both desktop and web applications.
  • Provides step-by-step guidance for deploying and configuring HYPR's single registration, allowing users to register their mobile device once and gain passwordless access to both their workstation and protected web applications.
  • Covers both workstation-to-web and web-to-workstation registration flows, prerequisites, configuration steps, and integration with HYPR Enrollment Service.
  • Helps organizations reduce user friction, enhance security, and simplify the onboarding and authentication experience for their workforce.

For more information, see Single Registration.


Integration Playbooks

Microsoft Sentinel Integration

Description:

  • Target audience: Security engineers integrating HYPR audit events into Microsoft Sentinel.
  • Forwards HYPR Event Hook payloads through an Azure Logic App into a Sentinel workspace using OAuth client credentials.
  • Includes the request-body JSON schema, the Logic App Compose projection, the Send-to-Sentinel action options, and the HYPR Event Hook configuration body.

Citrix Smart Card Hook Disable

Description:

  • Target audience: IT administrators running HYPR Passwordless on Citrix VDA environments with virtual smart card authentication for RDP / Windows logon.
  • Disables the Citrix Smart Card Hook on VDAs so HYPR's virtual smart card is presented to the Windows logon stack inside Citrix sessions.
  • Includes registry backup, disable steps for 64-bit and 32-bit hooks, validation, operational considerations, and rollback.

Okta Custom HYPR Attribute Bulk Update

Description:

  • Target audience: IT administrators bulk-updating an Okta user-profile custom HYPR attribute (default: clear the HYPR device-registration flag).
  • PowerShell-based bulk update reading user logins from a CSV.
  • Adaptable for any custom Okta attribute and any value supported by the Okta profile schema.

Azure Blob CRL Distribution

Description:

  • Target audience: PKI administrators publishing CRLs from an on-prem AD CS CA to Azure Blob Storage for downstream consumption (typically Entra Certificate-Based Authentication revocation checks).
  • Covers Storage Account + Blob container setup with anonymous HTTP read, App Registration + RBAC for Service Principal auth, and Task-Scheduler-driven AzCopy automation.
  • Includes a complete reference Publish-CRL.ps1 automation script.

HYPR Integration with SIEMs (legacy reference)

Description:

  • Target audience: Security engineers and IT administrators integrating HYPR event data with SIEM systems
  • Provides step-by-step instructions for configuring HYPR Event Hooks to stream real-time authentication and security events to SIEM platforms such as Splunk, Datadog, Crowdstrike, and Cribl using web hooks and HTTP Event Collectors
  • Covers setup, parser configuration, and best practices for long-term event storage and analysis
  • Enables organizations to enhance visibility, support compliance, and strengthen their security posture by leveraging HYPR event data within their existing SIEM infrastructure

Entra HYPR Enterprise Passkey in Control Center (legacy reference)

Description:

  • Target audience: IT administrators and security professionals responsible for integrating passwordless authentication in Microsoft Entra environments.
  • Guides organizations through enabling HYPR Enterprise Passkey (FIDO2 Mobile Authenticator) so that mobile devices can act as FIDO2 security keys for Windows workstations, including non-domain-joined, on-premises Active Directory, Entra domain-joined, and hybrid-joined setups.
  • Provides step-by-step instructions for configuring both Microsoft Entra and HYPR Control Center.
  • Ensures secure, passwordless authentication across various workstation types.
  • Results in enhanced security, streamlined user login experiences, and compliance with modern authentication standards using mobile devices as strong, hardware-backed passkeys.

For more information, see Enterprise Passkey User Experience.


End-User Playbook

End User Playbook: Setting Up Passwordless Login

Description:

  • Target audience: End users and employees setting up passwordless login for the first time
  • Simple, step-by-step instructions for pairing your mobile device with your workstation
  • Covers downloading the HYPR Mobile App, enabling passkeys, and pairing your phone
  • Includes multiple setup flows: workstation pairing, Magic Links, web applications, and identity verification
  • User-friendly troubleshooting tips and common questions
  • Perfect for employees who need to set up passwordless login without technical knowledge

If you have any suggestions regarding existing or any future playbooks you would like to see uploaded here, contact us at support@hypr.com or visit support.hypr.com