Delinea Mobile Overview
The Delinea Mobile app provides MFA verification for the Delinea Platform as well as portable access to secrets managed in Secret Server. The app supports the use of multiple Secret Server tenants for users that need access to multiple Secret Server tenants. The MFA function also supports biometric data to make the user experience convenient as well as secure. Once logged in, users can view secrets that they have permission to see in their Secret Server vault. Users can create new secrets directly in the mobile app, as well as organize secrets into folders.
The app can also be set as an auto-fill provider in the mobile device and fill in user-names and passwords for matching secrets. It also includes convenient Time-based one-time password (TOTP) capabilities that can be used with sites and web applications that support TOTP-based authentication
Users can download the Delinea Mobile application from the following sources:
Multi-factor Authentication
The mobile application supports the following MFA mechanisms as used by Secret Server:
- Delinea Mobile Authenticator
Biometric Unlock
The mobile application supports using biometric authentication in place of usernames and passwords.
- Fingerprint (Android and iOS)
- Facial recognition (iOS only, not all phone/iOS combinations)
- The application will auto-reconnect to Secret Server if the connection is temporarily dropped due to network issues.
Autofill
When a user enables their mobile device’s autofill service and then registers Delinea Mobile with that service, users can launch a web session from a secret on the mobile device and automatically populate username and password login credentials on specified web sites or other mobile applications.
When you select the mobile application or web page and click on the username field you should see a prompt from Delinea Mobile to use the autofill service. Click this option to open the mobile app and log in if necessary, and the app runs a search of your secrets for:
- Browser web site - to search for any secret that has the same Domain value in the URL
- Other mobile application - to search for any secret that has the same name or URL value as the name of the mobile application that is being filled.
Users can also choose to manually modify the search value and run it again. Once the list of Secret Server Secrets has been returned, you can select which one you want to use and the autofill service will fill those credentials in the related username and password fields.
Currently the autofill service supports only the username and password fields.
Delinea Mobile Offline Access to Secrets
Delinea Mobile allows users to download secrets and access them when they have no network connectivity on their mobile device.
Downloading Secrets
Users can select individual secrets to download on the Delinea Mobile app. When the Delinea Mobile app detects a lack of network access, it will automatically switch into Offline Mode. In this mode, users can only view secrets they have previously downloaded. Users cannot edit secrets or add new ones in Offline Mode.
The downloaded secrets will have a 'downloaded' icon next to their name in both the secrets list and the secret details. Downloaded secrets will be available offline for a set period of time determined by the configuration settings in Secret Server. The default download expiration is 1 day.
For users to download secrets, they must be granted the 'Access Secrets Offline on Mobile' permission. This permission is not granted by default, even to Administrator roles.
Offline Functionality
When the Delinea Mobile app is in Offline Mode, users can still access the downloaded secrets and use any third-party TOTP codes they have already set up in the app. The MFA code used for the Delinea Platform login will also remain active while the app is in Offline Mode.
Secrets with access restrictions, such as "Requires Comment," cannot be downloaded. Additionally, there are no per-secret controls to enable or disable the downloading function.
