Unlocking with a Recovery PIN

Using HYPR Passwordless

HYPR’s Recovery PIN functionality gives users temporary access to their workstation if they don’t have their mobile device or if they need to replace it with a new one for any reason. Recovery PINs are auto-generated by the HYPR Mobile app and stored on the server for retrieval by an Administrator when needed.

πŸ“˜

Recovery Mode

To make Recovery PINs available to end users, an Administrator must first enable Recovery Mode on the Control Center Workstation Settings screen. The feature is disabled by default.

Generating Recovery PINs

The initial Recovery PINs are generated automatically when the user first pairs the HYPR Mobile App or security key with the workstation.

745

The PINs are subsequently regenerated each time the user authenticates the machine with HYPR.

745

πŸ“˜

Machine-specific PINs

Because PINs are tied to a specific username/machine name combination, they’re only valid for one workstation. Users will need a different PIN for other workstations even if they share the same domain.

Requesting a Recovery PIN

To request a Recovery PIN, the user must contact the Administrator and provide the Machine Name and Username for the workstation that needs to be unlocked. This information can be displayed by clicking the Don't have your phone? link on the workstation login screen.

389

Get the Username or Machine Name with an API Call

If the user isn’t able to provide both the username and machine name for some reason, the Administrator can retrieve one or the other via the HYPR API.

To retrieve the username for a given machine (server) name, use this endpoint:

{{url}}/rp/api/oob/client/devices/{{rpAppId}}/{{machineName}}

To retrieve the machine (server) name for a given username, use this endpoint:

{{url}}/cc/api/versioned/rpUser/{{username}

For more information, please see the Authentication > Devices and RP Applications > User Management sections in the HYPR Passwordless APIs documentation.

Retrieving the Recovery PIN

After receiving the username and machine name from the user, the administrator can retrieve the Recovery PIN from the User Management page in the Control Center.

330

Using the Recovery PIN to Log in

After receiving the PIN from the Administrator, the user enters it on the login screen to unlock the workstation.

185

Note that the PIN validity period starts counting down as soon as the user logs in for the first time. (See Recovery PIN Lifespan on the Control Center Workstation Settings screen.)

Changing the Recovery PIN Label

In the Windows registry under HKEY_LOCAL_MACHINE\SOFTWARE\HYPR Workforce Access\Recovery Pin Text, type in the field the text you wish to display in lieu of, "Please contact support to request a recovery PIN."

The second sentence always remains: "You will need to provide your help desk the following details."