Chat now with support
Chat with Support

Enterprise Single Sign-On 9.0.2 - QRentry Users Guide

Preface_1 QRentry Overview Preparing the mobile device to use Using Enterprise SSO for Mobile Devices Using QRentry Authentication Manager Managing Mobile Devices

Allowing users to log on as a local administrator

Allowing users to log on as a local administrator


This section is intended to EAM administrators. It explains how to configure an Access Point Security profile to allow users to log on as local administrator on a set of computers.

Before starting
  • You have the following administration role:
    • In classic administration mode: Security object administrator.
    • In advanced administration mode, your role must contain the following right: Access point security profile: creation/modification.
  • An Access Point security profile is created.

IMPORTANT: You have allowed users to enroll mobile devices (see Allowing users to enroll a mobile device).

  1. In the EAM console, click the Access Point Security Profile that contains the computers for which you want to enable the local administration access using QRentry.
  2. Click the Local Administrators tab.
  3. Complete the tabbed panel as follows:

  1. In the Group area, use the Add and Remove buttons to manage the Active Directory groups that contain the members who will have the permission to use the local administrator account.


  • You can use the same group for several access point security profiles.
  • You can remove several groups at once using the Ctrl and Shift keys.


  1. Create a local administration access role using the Manage button.

NOTE: Each role is associated with a local administration key pair. This is why you must create at least one role for the selected access point security profile.

  1. Set the length of the one-time code that is generated to provide the local administration access.
  1. Click Apply.


Enrolling your mobile device for local administration access

Enrolling your mobile device for local administration access

Before starting

You have enrolled your mobile device as detailed in Enrolling your mobile device.

  1. Right-click the Authentication Manager icon located in the notification area, and select Mobile Device Enrollment.

The following window appears:

  1. In the Administration access area, select a computer profile name and click Enroll.
  2. Complete the enrollment wizard.

IMPORTANT: When your mobile device is enrolled, you are ready to log on as local administrator on any computer allowed by the security policy defined by your EAM administrator.


Logging on as local administrator with your mobile device

Logging on as local administrator with your mobile device


This section explains how to use QRentry to log on as a local administrator to Windows.

Before starting
  • QRentry is installed on your mobile device.
  • Your mobile device is enrolled.
  • You own a local administrator private key.

Without the network

Without the network


NOTE: Depending on the security policy of your company, the steps to access QRentry may be slightly different.

  1. If required, press Ctrl+Alt+Del.

The log on screen of the last authenticated user appears.

  1. Click on Other user (or press Esc) to display the welcome screen.
  2. Enter your user name and click Sign-in options to display all the authorized authentication methods:

  1. Click on Telephone or tablet.

The following authentication screen appears:

  1. Enter your user name, select the Connect as a local administrator check box and press Enter. The following window appears.

  1. From your mobile device, start the QRentry application and scan the displayed QR code.

A one-time code appears on your mobile device.



  1. Enter the displayed code in the Code field and press Enter.

You are logged on to Windows as a local administrator.

NOTE: The local administrator account is created dynamically. Its name is UA administrator. The local administrator password is not stored.



Related Documents