Enroll mobile devices

This topic describes how to enroll iOS and Android devices to CyberArk Identity.

Enrolling your device includes the following benefits:

Device enrollment benefits
Benefit Description

Single sign-on (SSO)

You only have to enter credentials for the app the first time you sign in. CyberArk Identity saves those credentials and automatically signs you in the next time you tap the app tile.

See Manage web apps for more detail.

Secure and convenient authentication mechanisms

Use authentication mechanisms such as push notifications and QR codes to securely access company resources.

See Sign in with multi-factor authentication for more detail.

Remote commands

Send commands from the Identity User Portal to your device. Depending on the enrollment type supported by your organization, commands include:

  • disable SSO

  • lock the device screen

  • wipe the device

See Send commands to devices for more detail.

Contact your IT department to determine whether you should enroll your mobile devices.

Before you begin

Review the following requirements before enrolling devices.

  • If you are enrolling an iOS device that is assigned to the Apple Device Enrollment Program (DEP), you first need to enroll the device with the Apple DEP.

    The Apple Device Enrollment Program is a service provided by Apple. It is designed to help businesses and education institutions easily deploy and manage iPads, iPhones, and Macs. It provides a streamlined way to deploy company-owned Apple devices that your IT department purchased directly from Apple.

    The enrollment procedure depends on how your IT administrator configured the device. Contact your IT department for instructions.

  • Verify that your device(s) are supported.

    See Supported devices for more information.

Enroll your iOS or Android device

Install the CyberArk Identity mobile app to enroll your supported mobile device.

  • You may have a limit on the number and types of devices you can add. For example, your IT administrator can set a policy that limits you to adding only two devices and prohibits iOS devices. Contact your IT administrator for details.
  • If you have enrolled more than one device and want notifications sent to all the devices, your IT administrator must configure this option.
To enroll a mobile device:

Step 1: Install the CyberArk Identity mobile app

Go to Devices, then click Add Devices.

You can install the CyberArk Identity mobile app using SMS, email, QR code, or a direct link to the relevant app store for your device.

Description of the available installation methods

Method

Description

SMS

Enter your phone number (including the country code and area code), and then click Send. CyberArk Identity sends an SMS message to your device with links to the CyberArk Identity mobile app.

Email

Enter an email address that is accessible from your mobile device, and then click Send. CyberArk Identity sends an email with links to the CyberArk Identity mobile app.

QR code

Scan the QR code

Direct link

Click the link to the appropriate app store for your device. If you are signed in to your Google or Apple account in your browser as well as on your device, you can install the CyberArk Identity mobile app from your desktop browser.

Step 2: Enroll the device

Enrollment steps vary depending on whether you have an iOS or Android device.

  1. Open the CyberArk Identity mobile app on your device.
  2. Enroll your device using either a QR code or by entering your credentials.

    If your organization has enabled QR code enrollment, the QR codes for enrollment are available in the Identity User Portal in the following places:

    • User Portal > Devices > Add Devices

    • User Portal > Account > Authentication Factors

  3. Proceed through the prompts until your device is successfully enrolled.

    If your CyberArk Identity administrator has deployed any mobile applications to your device, you are prompted after enrolling to install them. You can install them now or at a later time. See Install mobile applications using Company Apps.

    iOS devices can be configured by your IT administrator to run in kiosk mode. When a device is configured for kiosk mode, the device opens to the CyberArk Identity mobile app when you turn on the device, and it is the only application you can run on the device. You can launch the web and mobile applications assigned to you, however, there are some constraints:

    • There is no Authentication screen in the menu.
    • You can run web applications in the built-in browser only.
    • The Settings page does not offer some options.
    If your organization uses CyberArk Identity for mobile device management, CyberArk Identity installs a set of mobile device policy profiles. The profiles set system preferences that configure communications with your corporate network and might impose restrictions on your use of some device features.
  1. Open the CyberArk Identity mobile app on your device.
  2. Enroll your device using either a QR code or by entering your credentials.

    If your organization has enabled QR code enrollment, the QR codes for enrollment are available in the Identity User Portal in the following places:

    • User Portal > Devices > Add Devices

    • User Portal > Account > Authentication Factors

  3. Proceed through the prompts until your device is successfully enrolled.

    If your organization uses CyberArk Identity for mobile device management, CyberArk Identity installs a set of mobile device policy profiles. The profiles set system preferences that configure communications with your corporate network and might impose restrictions on your use of some device features.

Unenroll your device

Unenroll your device to remove the mobile device policies from your device. Unenrolling does not remove the CyberArk Identity mobile app from your device, nor any mobile applications installed by it. The next time you open the CyberArk Identity mobile app, it prompts you to enroll the device.

The steps to unenroll a device are the same on iOS and Android.

The ability to unenroll your device is controlled by your IT administrator. This option may not be available to you.
To unenroll a device:
  1. Open the CyberArk Identity mobile app on the device.
  2. Tap Settings.
  3. Scroll down and tap Unenroll.

    If you do not see the Unenroll option, it means that you do not have the permission to unenroll this device.

  4. Confirm that you want to remove your profiles.

Uninstall the CyberArk Identity mobile app

You must unenroll your device before you can uninstall the CyberArk Identity mobile app.

After you unenroll the device, you can uninstall the CyberArk Identity mobile app the same way that you would uninstall any other app.

See Unenroll your device for more information.