Idenprotect for Android Quick Start Guide

From idenprotect Knowledge Base
Jump to: navigation, search

idenprotect for Mobile

This article explains how to download, configure and use idenprotect for Mobile on your Android device (mobile/tablet).

This article is aimed at Helpdesk/Admin users so it covers both the settings required on the server as well as the enrollment user experience.


idenprotect Core Platform 3.7 or higher idenprotect User Portal 1.05

The idenprotect Core Platform and idenprotect User Portal must be reachable from the device.


The idenprotect for BlackBerry application is available from the Google Play Store. You can click here to open the Google Play Store.

Enrollment Policies

For enrollment policies see User Enrollment Policies configuration on the idenprotect Core Platform

If you are using an email-based enrollment please configure the Email Content Configuration on the idenprotect Core Platform

For BlackBerry, UEM policies see UEM Configuration on the idenprotect Core Platform

Getting Started

When you first open the idenprotect for Mobile application, you will be taken to a "Permissions" screen which will explain the need for the Location and Camera permissions.

Push notifications are used to open the application when the user is required to authenticate. This is not an essential requirement but it does improve the user experience and is automatically set to enabled on Android devices.

Location is used to inform the server of the user's current country. This may be used to support conditional access, eg access only from certain countries. If this permission is not granted the user may not be able to access applications that have this form of conditional access.

The camera is required to allow for the scanning of QR Codes. Click enable permissions and then grant the on-screen permissions like below:

Grant permissions to use the app.

After granting the permissions you will be taken to the "idenprotect QR" screen which will give you more details on how to enroll your device.

Scan QR Activity

Enrolling idenprotect Device

Before you can use the idenprotect for Mobile application, you need to go through the enrollment process. Please remember that you can only enroll once with the same QR Code.

There are three ways to enroll:

  • BlackBerry enrollment with Access Key being manually entered by the user (idenprotect for Blackberry)
  • BlackBerry enrollment with Access Key with programmatic authentication (idenprotect for Blackberry)
  • Non-BlackBerry SAML enrollment (idenprotect)

All of these three journeys can be set up via policies on User Enrollment Policies configuration on the idenprotect Core Platform

If you click on the Scan QR Code button camera will be launched and you can scan a QR code provided via email or onboarding page. After scanning a QR code you will be asked to provide your fingerprint to begin the enrollment process. If you fail your fingerprint more than 5 times, you will need to enter the device security password/pin/pattern to continue.

Enter fingerprint to continue with enrollment.

idenprotect Both (BlackBerry and SAML) Enrollment

After granting the permissions if the idenprotect Core Platform is set up to use an Access Key entered by the user, you will be taken to the BlackBerry Authentication screen, where you have to enter your BlackBerry access key which would be provided to you by your via e-mail ( email field will be prefilled for your) After entering the BlackBerry Access key you will proceed to the BlackBerry enrollment (if idenprotect Core Platform is set up to use programmatic BlackBerry authentication you will be taken to this screen straight away without entering the access key manually)

When BlackBerry enrollment is finished, you would be presented with the idenprotect enrollment screen which tells you what stages of enrollment are complete.

Enrollment Screen

When idenprotect enrollment is complete you will be presented with idenprotect SAML page, which contains a "hamburger" menu and the Scan QR Code button. In the center, you will see idenprotect unlocked which will mean that you have securely authenticated to Blackberry. Towards the bottom of the screen, you will see the device serial number (app-specific), version information, and the Blackberry logo. This screen will also be presented to you if you close the idenprotect for BlackBerry application and re-open it. After clicking the "Click to Authenticate" button in the background idenprotect will generate a new certificate if it is expired or if flight mode is activated. After authenticating with a Fingerprint you will be redirected back to the idenprotect Unlocked screen with a new Ephemeral certificate.

Main Page (App Type: Both)

idenprotect Blackberry enrollment

The enrollment process for just Blackberry (without SAML capabilities) is identical except for the final completion screen. Here, the Scan QR code button towards the top of the screen will not be visible.