Idenprotect for Android Quick Start Guide
idenprotect for Mobile
This article explains how to download, configure and use idenprotect for Mobile on your Android device (mobile/tablet).
This article is aimed at Helpdesk/Admin users so it covers both the settings required on the server as well as the enrollment user experience.
idenprotect Core Platform 3.7 or higher idenprotect User Portal 1.05
The idenprotect Core Platform and idenprotect User Portal must be reachable from the device.
The idenprotect for BlackBerry application is available from the Google Play Store. You can click here to open the Google Play Store.
For enrollment policies see User Enrollment Policies configuration on the idenprotect Core Platform
If you are using an email-based enrollment please configure the Email Content Configuration on the idenprotect Core Platform
For BlackBerry, UEM policies see UEM Configuration on the idenprotect Core Platform
When you first open the idenprotect for Mobile application, you will be taken to a "Permissions" screen which will explain the need for the Location and Camera permissions.
Push notifications are used to open the application when the user is required to authenticate. This is not an essential requirement but it does improve the user experience and is automatically set to enabled on Android devices.
Location is used to inform the server of the user's current country. This may be used to support conditional access, eg access only from certain countries. If this permission is not granted the user may not be able to access applications that have this form of conditional access.
The camera is required to allow for the scanning of QR Codes. Click enable permissions and then grant the on-screen permissions like below:
After granting the permissions you will be taken to the "idenprotect QR" screen which will give you more details on how to enroll your device.
Enrolling idenprotect Device
Before you can use the idenprotect for Mobile application, you need to go through the enrollment process. Please remember that you can only enroll once with the same QR Code.
There are three ways to enroll:
- BlackBerry enrollment with Access Key being manually entered by the user (idenprotect for Blackberry)
- BlackBerry enrollment with Access Key with programmatic authentication (idenprotect for Blackberry)
- Non-BlackBerry SAML enrollment (idenprotect)
All of these three journeys can be set up via policies on User Enrollment Policies configuration on the idenprotect Core Platform
If you click on the Scan QR Code button camera will be launched and you can scan a QR code provided via email or onboarding page. After scanning a QR code you will be asked to provide your fingerprint to begin the enrollment process. If you fail your fingerprint more than 5 times, you will need to enter the device security password/pin/pattern to continue.
idenprotect Both (BlackBerry and SAML) Enrollment
After granting the permissions if the idenprotect Core Platform is set up to use an Access Key entered by the user, you will be taken to the BlackBerry Authentication screen, where you have to enter your BlackBerry access key which would be provided to you by your via e-mail ( email field will be prefilled for your) After entering the BlackBerry Access key you will proceed to the BlackBerry enrollment (if idenprotect Core Platform is set up to use programmatic BlackBerry authentication you will be taken to this screen straight away without entering the access key manually)
When BlackBerry enrollment is finished, you would be presented with the idenprotect enrollment screen which tells you what stages of enrollment are complete.
When idenprotect enrollment is complete you will be presented with idenprotect SAML page, which contains a "hamburger" menu and the Scan QR Code button. In the center, you will see idenprotect unlocked which will mean that you have securely authenticated to Blackberry. Towards the bottom of the screen, you will see the device serial number (app-specific), version information, and the Blackberry logo. This screen will also be presented to you if you close the idenprotect for BlackBerry application and re-open it. After clicking the "Click to Authenticate" button in the background idenprotect will generate a new certificate if it is expired or if flight mode is activated. After authenticating with a Fingerprint you will be redirected back to the idenprotect Unlocked screen with a new Ephemeral certificate.
idenprotect Blackberry enrollment
The enrollment process for just Blackberry (without SAML capabilities) is identical except for the final completion screen. Here, the Scan QR code button towards the top of the screen will not be visible.