LAPS Portal mobile application

LAPS Portal has a mobile client for Android and iOS devices. Main features of the LAPS mobile client:

  • secure access to passwords managed by MS LAPS: in addition to TLS encryption, all passwords are encrypted with AES using a unique device key per user. This device key is generated during the device enrollment process and stored securely on the mobile device. On iOS the key is stored directly in the KeyChain. On Android the device key itself is encrypted with a random 256-bit AES master key, which is in turn encrypted with a device-generated RSA key (RSA/ECB/PKCS1Padding) from the Android KeyStore. The resulting pair, the RSA-encrypted AES master key and the AES-encrypted device key, is stored in SharedPreferences.
  • PIN protection. If the device has a fingerprint scanner, the application uses it automatically
  • ability to get LAPS passwords in a convenient and secure way using a mobile device
  • ability to set a new password expiration date
  • login to LAPS Portal by confirming a push notification
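
The Android key hierarchy from the first feature above, written out as an added example (it is not LAPS Portal's own code). The AES-GCM mode, the 2048-bit RSA key size and the class and method names are assumptions, and a software RSA key pair stands in for the Android KeyStore pair so that the code runs on any JVM.

```java
import java.security.*;
import java.util.Arrays;
import javax.crypto.*;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;

public class DeviceKeyEnvelope {
    // Assumption: AES-GCM. The page names AES but not the mode.
    static byte[] aesGcm(int mode, byte[] key, byte[] iv, byte[] in) throws GeneralSecurityException {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(mode, new SecretKeySpec(key, "AES"), new GCMParameterSpec(128, iv));
        return c.doFinal(in);
    }

    static byte[] rsa(int mode, Key key, byte[] in) throws GeneralSecurityException {
        Cipher c = Cipher.getInstance("RSA/ECB/PKCS1Padding"); // transformation named on the page
        c.init(mode, key);
        return c.doFinal(in);
    }

    public static void main(String[] args) throws Exception {
        SecureRandom rng = new SecureRandom();
        // Stand-in for the device-generated RSA pair. On Android it would be created with
        // KeyPairGenerator.getInstance("RSA", "AndroidKeyStore"), so the private key stays in the KeyStore.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048); // assumed key size
        KeyPair rsaPair = kpg.generateKeyPair();

        byte[] deviceKey = new byte[32]; rng.nextBytes(deviceKey); // constructed sample device key
        byte[] masterKey = new byte[32]; rng.nextBytes(masterKey); // random 256-bit AES master key
        byte[] iv = new byte[12];        rng.nextBytes(iv);        // stored next to the ciphertext

        // The two blobs that would be persisted (SharedPreferences on Android).
        byte[] wrappedMaster = rsa(Cipher.ENCRYPT_MODE, rsaPair.getPublic(), masterKey);
        byte[] wrappedDevice = aesGcm(Cipher.ENCRYPT_MODE, masterKey, iv, deviceKey);
        Arrays.fill(masterKey, (byte) 0); // plaintext master key is not kept

        // Recovery: RSA private key -> master key -> device key.
        byte[] master = rsa(Cipher.DECRYPT_MODE, rsaPair.getPrivate(), wrappedMaster);
        byte[] recovered = aesGcm(Cipher.DECRYPT_MODE, master, iv, wrappedDevice);
        System.out.println("device key recovered: " + Arrays.equals(deviceKey, recovered));

        // A modified stored blob fails authentication instead of yielding a wrong key.
        wrappedDevice[0] ^= 1;
        try {
            aesGcm(Cipher.DECRYPT_MODE, master, iv, wrappedDevice);
            System.out.println("tampered blob accepted");
        } catch (AEADBadTagException e) {
            System.out.println("tampered blob rejected");
        }
    }
}
```

The stored blobs are useless without the RSA private key, which is why the strength of this layout depends on that key being non-exportable from the KeyStore.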

LAPS mobile application enrollment

There are two ways to start using the LAPS mobile application:

  1. Go to Profile settings -> Mobile, press “Enroll mobile device” and scan the generated QR code with the mobile device
  2. Enter the External Portal URL configured at Administration->Communications->Mobile into the URL field on the mobile device, then fill in the username, password and OTP

LAPS mobile application usage

  1. Enter your PIN or use your fingerprint to log in to LAPS Mobile
  2. Enter the computer name and press the find button