Send commands to devices

This topic describes how to send commands to your enrolled device from the Identity User Portal. For example, you can wipe the device if it is lost or stolen.

The available commands depend upon the following:

  • Whether your organization is using CyberArk Identity for mobile device management

  • The type of device you have enrolled

  • The device policies that your IT administrator has enabled for you

To send commands to your enrolled device, go to Devices and right-click the target device to see a drop-down list of available commands.

The following table lists all CyberArk Identity commands for all devices. If a command is not displayed in the pop-up menu, it is not available for that device.

Description of available device commands

Command

Purpose

Delete

Remove the device listing.

If your organization uses CyberArk Identity for device management, this command is available only for unreachable and unenrolled devices. When the device is enrolled, this command does not display.

Deleting a device does not remove the CyberArk Identity mobile app or mobile applications that you installed using the CyberArk Identity mobile app. If you try to open the CyberArk Identity mobile app after deleting the device, it prompts you to enter your login credentials to enroll the device again.

Update Policies

Update your device with the latest mobile device policies.

Reset Passcode

Reset the passcode that opens the device. Use this command to create a new passcode if you forgot it.

  • The use of this command is controlled by your IT administrator. This command may not be available to you.
  • This command cannot be used to override a remote lock and is not available for macOS devices.

Lock Screen

Lock the mobile device screen so a user cannot access it (for example, if your device is lost or stolen). A remote lock is identical to locking the device manually.

For macOS users only:

The Lock Screen command only works when the current macOS version has a recovery partition.

When you send the Lock Screen command to a macOS device, a pop-up window displays, prompting you to enter a six-digit PIN code, and then the computer restarts. Create a code that is all numbers; alphabetic and special characters are invalid. After the restart, enter your PIN to unlock the computer.

Wipe Device

Remove all user data and restore the device to its shipping default state.

The use of this command is controlled by your IT administrator. This command may not be available to you.

For macOS users only:

The Wipe Device command only works when the current macOS version has a recovery partition.

When you send the Wipe Device command to a macOS device, a pop-up window displays, prompting you to enter a six-digit PIN code, and then the computer restarts. Create a code that is all numbers; alphabetic and special characters are invalid. After the restart, enter your PIN. This unlocks the computer, performs another restart, and then displays the OS install screen.

Unenroll Device

Remove all mobile device policies from the device and change the state to Unenrolled. To use the CyberArk Identity mobile app again, you must re-enroll the device.

The use of this command is controlled by your IT administrator. This command might not be available to you.

Lock Client App

Locks the CyberArk Identity mobile app on the device.

This command is only available on iOS and Android devices.

Reset Client App PIN

Resets the passcode for the CyberArk Identity mobile app on the device. This command is useful when you forget your passcode.

This command is only available on iOS and Android devices.

Email Device Log

Sends the log file from the device to an email address.

You specify the email address when you click the command. You can also set an option to send the log file when the device is on Wi-Fi only.

Disable SSO

Disable single sign-on (SSO) for web applications listed in the CyberArk Identity mobile app.

This command is helpful if your device is lost or stolen.

After you send this command, an error message displays on the device to indicate that single sign-on is not available. The user cannot sign in to any application that requires authentication until single sign-on is enabled again.

Enable SSO

Enable single sign-on (SSO) for the web applications listed in the CyberArk Identity mobile app.

By default, SSO is turned on. You would only need to use this command if you previously used Disable SSO.