Certificate Renewal for Security Keys

For security key authentication, the HYPR Workforce Access Client (WFA) application for Windows uses certificates issued by the Active Directory (AD) Certificate Authority (CA). To help ensure the certificate remains valid, WFA will display a warning over the pairing icon, and the application will also display a tray notification prompting the user to renew when the expiration date is within 30 days.

In both cases, clicking Renew Key will trigger a manual renewal of the expired certificate.

As the expiration date approaches the Snooze button will not appear, and the notification will not automatically dismiss itself if the user waits, forcing them to acknowledge it and go through the renewal process.

When the user clicks Renew Key, the Workforce Access Client checks to make sure the security key is plugged onto the workstation then prompts the user to enter their PIN.

If the PIN is valid, the Workforce Access Client automatically communicates with the CA to obtain a new certificate and place it on the device.