Registering an Android Device and Using the Delinea Application

You register your device in the Privileged Access Service using the Delinea application. If you have not installed the Delinea application, see Using Devices then return here to complete device registration.

Your organization may also configure mobile device policy profiles. The profiles set system preferences that configure communications with your corporate network and may impose some restrictions on your use of some device features.

Registering Android devices

You use the Delinea application to register your device. If you have not yet installed the Delinea application on your device, go to Using Devices for the instructions.

To register the device:

1. If the Delinea application is not already running, open Apps on the device and tap the icon.

2. Enter your user name and password.

   Your IT administrator will provide you with the user name and password you should use.

   You may choose other authentication methods using the Authentication Method dropdown such as Mobile Authenticator or OATH OTP Client.

3. (Contingent upon configuration) If your systems administrator has enabled the feature, you can register your device without entering your user name and password. Do the following:

   1. Tap Register with QR.

      The scanning tool opens.

      

   2. Scan the QR code on Admin Portal > Profile > Devices > Add Devices.

   3. Click Proceed on the device browser.

      The device registers.

Using the Delinea Application

You use the Delinea application to view and manage system resources from your device. Also, if your IT department requires a one time passcode to log in to the Admin Portal, you use the Delinea application to generate the one-time passcode.

Securing Your Delinea Application

You can secure your Delinea application using a PIN, fingerprint, or Near Field Communication (NFC) tag. The fingerprint option is only supported on iOS / Android devices that have the fingerprint recognition functionality.

To secure your Delinea application:

1. Tap the Delinea application on your device.

2. Tap the menu icon in the upper left corner and click Lock App.

3. Enter a PIN as your primary access method.

4. (Optional if enabled) Register your fingerprint or NFC tag as alternative access methods.

   If fingerprint recognition is available on your device, then we direct you to the device fingerprint registration window.

   If you have an NFC tag, then enter your PIN to register the tag. You can register a maximum of 5 tags.

5. Tap the menu icon in the upper left corner and enable the feature using the Lock App button.

   The setting defined by your system administrator overrides your setting here.

6. (Optional if enabled) Tap Auto-Lock and configure how long you want the Delinea application to be inactive before it automatically locks up.

   You will now be prompted to use one of the configured methods (PIN, fingerprint, or NFC tag) to access the Delinea application.

Changing Your Active Directory or Delinea Application Password

If you have a Privileged Access Service User account, changing your password changes the password you use to open the Delinea application and to register devices. If you have an Active Directory User account, this also changes the password you use to log in to your company account when you start up your computer.

Your IT administrator controls whether or not you can change your password.

If you have an Active Directory User account, you may need to change other passwords as well. For example, if you log in to Outlook with the same account, you’ll need to change that login password to match. Confirm with your IT staff regarding other passwords you may need to change after you change your Active Directory User account password in the Delinea application.

To change your account password on your device:

1. Tap the Delinea application on your device.

2. Tap Settings > Change Password.

3. Enter your current and new passwords.

4. Tap Save.

Checking Out an Account Password

Delinea lets you securely store user name and password combinations in the Privileged Access Service for local accounts. You can use those accounts to log on securely to the servers, switches, and routers you identify as Systems, Domains, and Databases.

In addition, you can check out passwords for Delinea-managed local administrator accounts for registered devices. You can either show the password or copy it to the clipboard, then use it to perform operations that require admin rights.

Checking out an account password requires the following:

• Appropriate administrative rights on the Delinea identity platform.

• Existing access to Delinea privilege service (for Systems accounts).

• The device must be registered in the Privileged Access Service.

• Your authentication mechanisms must be configured for the Delinea application — see Securing Your Delinea Application.

Account Types You Can Check Out

The following are account types you can check out passwords for:

• Tap Systems on the Delinea application to see available systems and check out the password for a stored account.

• Tap Domains on the Delinea application to see available domains and check out the password for a stored domain.

• Tap Databases on the Delinea application to see available domains and check out the password for domains.

  You need view and checkout permission to check out a system, domain, or database password.

When you check out a password, it remains checked out until either you check it back in or the checkout time expires. The maximum check out time is configured by your admin through policy; however, you can extend the checkout time for a password that is currently checked out. When you extend the time, it is reset to the maximum check out time.

Checking Out a Password

For detailed steps on how to check out a password, see Checking Out an Account Password. You can view these operations in the activity stream of the resource in portal. To do this: navigate to a resource, select the resource and choose the Activity tab.

Using Privileged Access Service as an Authenticator

You can use the Privileged Access Service Admin Portal >Profile > Device page to get the one-time passcode (either by scanning an external source's QR code or entering the authentication key information manually). You then can use the passcode to log in to the relevant application or website.

To scan a QR code

To scan a QR code, you must use the Privileged Access Service Admin Portal application on an registered mobile device.

1. Log in to the Privileged Access Service application on your mobile device.

2. Tap Passcodes.

   The Authentication window shows any existing passcodes.

3. Tap the plus icon (+) then tap Scan QR Code.

4. Scan the external source's QR code.

   The Passcodes window shows the newly generated passcode. The newly added authentication account is also added to the Passcodes page in the Accounts section of the Admin Portal.

To enter the authentication key information manually on your mobile device

To enter the authentication key information manually, you can use the Privileged Access Service Admin Portal on your mobile device or computer. See Managing Authentication Keys for information on entering the authentication key information manually using your computer.

1. Log in to the Privileged Access Service application on your mobile device.

2. Tap Passcodes.

   The Passcodes window shows any existing passcodes.

3. Tap the plus icon (+) then tap Enter Authentication Key.

4. Enter the information provided by the application or website.

5. Tap Save.

   The Passcodes window shows the newly generated passcode. The newly added authentication account is also added to the Passcodes page in the Accounts section of the Admin Portal.

Using the Settings Screen

The Settings screen contains device configuration information such as default browser settings, authentication settings, and other useful information.

Login Settings

Contains the Privileged Access Service service URL.

Do not change this setting unless specifically instructed to by your IT department. If the URL is wrong, you cannot use the Privileged Access Service.

Authentication

Lets you configure the following:

• Mobile authenticator — See Using Multi-Factor Authentication

• Application lock settings

  Allows you to configure lock options for the Delinea application on your device. Configurations made by the system administrator override your user configuration.

  See Securing Your Delinea Application for more information.

• Change Password

  Allows you to change your Active Directory or Privileged Access Service account password. See Changing Your Network Login Password.

Browser Settings

You use this option to set your default browser and clear browsing data.

• Tap Default Browser to select the default browser for you device.

• Tap Clear Browsing Data to delete your cache an other browsing data from the built-in browser.

Debug Information

Enables activity logging, lets you send the log file to an email address, and provides GCM and MDM diagnostic information.

Do not change the Enable Debug Logging setting—this value is set by your IT department.

Profile Management

Lets you unregister the device. See Unregistering Your Device for further detail.

Terms

Displays the terms of use.

Using App Lock

This icon locks the Delinea application. If you do not have a PIN configured, then you are prompted to create one. You can also use your fingerprint for authentication if your device supports fingerprinting.

Configurations made by the system administrator override your user configuration.

See Securing Your Delinea Application for configuration information.

Pending Notifications

Notifications to which you have not responded can be accessed via the bell icon. The number associated with the icon shows the number of pending notification.

Tapping the icon displays the notifications. Expired notifications (such as MFA notifications where the default response time is 10 minutes) are grayed out and you cannot take action on them.

Accessing Shortcuts

You can access the following shortcuts by long-pressing the Privileged Access Service application icon:

• Multi-factor access (MFA) options

• Top two frequently used applications

• Pending notifications

Important: This feature is only supported on Android 7.1 and newer.

Unregistering Your Device

Unregistering your device from the Privileged Access Service removes the mobile device policies from your device. It does not, however, remove the Delinea application from your device. The next time you open the Delinea application, it prompts you to register the device.

• The ability to unregister your device is controlled by your IT administrator. This option may not be available to you.

  If you are upgrading the Delinea application from a previous version, remove any version that is version number 13.8 or earlier. The Settings screen in the Delinea application shows the version number.

The following procedure unregisters the device. If you want to uninstall the Delinea application as well, use the standard Android Application manager procedure.

To unregister an Android device:

1. Open the Delinea application on the device.

2. Tap Settings.

3. Scroll down and tap Unregister.

   If you do not see the Unregister option, it means that you do not have the permission to unregister this device.

4. Confirm that you want to remove your profiles.

Uninstalling the Delinea Application

Before you can uninstall the Delinea application from an Android device, you must first unregister the device from the Privileged Access Service — see Unregistering Your Device.

After you have unregistered the device, you use the Android device’s application manager to remove the Delinea application.