User Guide

Identity Guardian 1.6

Overview

Administrators configure Identity Guardian and set up profiles for shared or personally assigned devices through Managed Configurations.

Each user must complete a one-time enrollment before authenticating and signing in. For those opting for facial biometrics, customizable Terms and Conditions must be accepted. Once enrolled, users can sign in and out of the device as needed.

Streamline the enrollment workflow with the Identity Guardian QR Print (IGQRPrint) app, a companion to Identity Guardian. It enables direct printing, previewing, and resizing of barcodes, supporting both Zebra and non-Zebra printers, along with seamless barcode sharing.

This section also discusses features available to streamline the authentication process.

User Enrollment

The user enrollment procedure varies depending on the device access method:

  • Shared Device
  • Personally Assigned Device


Shared Device

Before users can sign in or authenticate on a shared device, they must first enroll with Identity Guardian. There are 2 methods for enrolling users on shared devices:

  • Standard Enrollment - Users enroll on a designated device using the Enrollment profile set up by their administrator. They can then authenticate on their shared device where the Authentication profile has been deployed.
  • Self-Enrollment - Both enrollment and authentication are performed directly on the shared device, streamlined by the Authentication profile deployed by the administrator.

Once enrollment is complete, the user is offered the option to print or share the barcode if the Identity Guardian QR Print (IGRQPrint) app is installed.

Standard

After administrators deploy specific settings through a standard enrollment profile to a device designated for user enrollment, follow these steps to enroll users (steps may vary depending on the options configured):

  1. In Identity Guardian, tap Start. image
  2. (Optional) This is a 6 digit PIN set by the administrator. Tap Continue. image
  3. Setup ID and passcode:
    • Enter ID or email
    • (Optional) Select the appropriate user role (options vary based on your adminstrator setup)
    • (Optional) Enter the expiration date for the barcode. This applies for temporary users.
    • Create a passcode based on the requirements set by the administrator.
    • Re-enter the passcode image
  4. (Optional) Capture facial biometrics. If opting out, tap Skip and skip to step 7 below. Otherwise, tap Add and continue with the subsequent steps. image
  5. Read the Terms & Conditions. Tap Confirm to accept. image
  6. Position your face within the device screen for the photo capture. Capture 1 to 3 facial photos that may vary based on the individual's look, for example, with eyeglasses, hat, etc. Confirm the photo capture(s). Tap Add to capture additional photos. Tap Next when done. image
  7. The user barcode is generated and saved as a PDF file in the /enterprise/usr/profiles folder on the device. Tap Next. image
  8. Complete the enrollment process by choosing one of the following:
    • To print or share the barcode, tap Save & Open. After IGQRPrint app opens, proceed to the Print & Share Barcode section. Note: This requires installation and configuration image
    • To end the process without printing or sharing the barcode, tap Save then tap Continue to complete the process.
      image       image

After completing enrollment, the user can then sign in to the shared device where the administrator has deployed the authentication profile.


Self-Enrollment

Users can self-enroll directly from the lock screen on shared devices, allowing for immediate enrollment and authentication on the same device. This streamlines the process by eliminating the need for separate Enrollment and Authentication profiles. Administrators activate this feature through specific settings through a Self-Enrollment Profile deployed to the devices.


Usage
  1. Self-Enrollment:
    • On the lock screen, tap the menu icon in the top right corner and select Enroll User. image
    • Enter the user's SSO login credentials. image
    • Provide the requested information for enrollment, then tap Next:
      • Employee ID or Email - This is populated based on the user ID entered in the SSO login screen
      • Role - This is populated based on the user ID entered and their role mapped in their SSO provider.
      • Create Passcode - Enter a passcode to create.
      • Re-enter Passcode - Enter the same passcode again.
        image       image
    • Tap Add. image
    • Tap Confirm to accept the Terms & Conditions, then perform a facial capture. Tap Next. image
  2. Generate Enrollment Barcode: The user barcode is generated and saved as a PDF file in the /enterprise/usr/profiles folder on the device. image
  3. Complete Enrollment:
    • Tap Save & Open. This opens IGQRPrint app in the preview screen to allow for immediate printing or sharing of the barcode. Proceed to the Print & Share Barcode section. image

After completing enrollment, the user can then sign in to the shared device.


Print & Share Barcode

Early Access Preview: Identity Guardian QR Print (IGQRPrint) app is available as an Early Access Preview, meaning this feature is subject to change in future releases.

For barcode printing and sharing directly from a shared device after user enrollment, the administrator installs and configures Identity Guardian QR Print (IGQRPrint) app based on the enrollment type: standard enrollment or self-enrollment. This enables barcode preview, resizing, and direct printing from the device to a Zebra or non-Zebra printer. Barcodes can also be shared via Gmail, Google Drive, Bluetooth and other methods.

Once IGQRPrint app is setup by the administrator, follow these steps to print or share the barcode:

  1. There are 2 methods to initiate the app:

    • At the end of the standard or self-enrollment process for shared devices, the user is given the option to Save & Open, which opens IGQRPrint app in the preview screen.

  2. The user launches IGQRPrint app on the device, which displays a list of user barcodes in descending order by creation date. If new user barcodes are not visible, tap Refresh List of Files. Select a barcode to preview. Note: Files are periodically deleted for security. image
  3. The Preview screen displays the barcode. image

  4. If printing cards, proceed to the next step. If the preview is suitable, tap the Share To button. Choose the method to print or share the barcode and follow the prompts. Selecting Print, will display the printers configured with your device. image

  5. If printing to a Zebra card printer, toggle Share To at the top of the screen to show the Card Printer preview

    image       image

  6. If the preview is not suitable, select Settings from the top right menu. Adjust the settings and preview the barcode until satisfactory (retain default values unless otherwise instructed):
    Share To Parameters: Adjust barcode size for printing and sharing.

    • Allow ShareTo - Toggle to enable non-card printing or sharing.
    • Margin (Mils) - Adjust margins if the barcode is too large or near the edges. The default is 10. Increasing this value decreases the barcode size.
    • Orientation - Choose Portrait or Landscape.
    image       image
    Next, follow step 3 or 4 depending the type of printing (card or non-card).

Personally Assigned Device

Before users can sign in or authenticate on a personally assigned device, they must first register with Identity Guardian. Administrators create and deploy the personally assigned profile, then launch Identity Guardian on the device to initiate the enrollment process. The options available to users during the on-device enrollment process may vary based on the Enrollment Configurations set by the administrator.For more details on how to apply the settings, see the EMM Setup section.

After the enrollment process, the user is immediately presented with the authentication screen.

To enroll users on personally assigned devices:

  1. Open Identity Guardian.
  2. Tap Start. image
  3. Enter corporate PIN. This is a 6 digit PIN set by the administrator. Tap Continue. image
  4. Setup ID and passcode, then tap Next.
    • Enter ID or email
    • (Optional) Select the appropriate user role (options vary based on setup by your adminstrator)
    • Create a passcode, which can contain up to 6 alphanumeric characters.
    • Re-enter the passcode. image
  5. (Optional) Capture facial biometrics. If opting out, tap Skip and skip to step 7 below. Otherwise, tap Add and continue with the subsequent steps. image
  6. Read the Terms & Conditions. Tap Confirm to accept. image
  7. To add a facial photo, tap Add. Position your face within the device screen for the photo capture. Capture 1 to 3 facial photos that may vary based on the individual's look, for example, with eyeglasses, hat, etc. Confirm the photo capture(s). Tap Add to capture additional photos. Tap Next when done. image
  8. Tap Save to save the profile. image
  9. Tap Continue. The profile creation is complete. image


Edit Profile

To edit a profile on a personally assigned device:

  1. Open Zebra Biometric app.
  2. Enter your passcode. image
  3. Select the item to edit:
    • ID & Passcode
    • Face Recognition image
  4. If ID & Passcode is selected, make the appropriate edits and tap Save:
    • Role - select the desired role
    • Passcode - enter the current passcode and the new passcode image
  5. If Face Recognition is selected, delete the existing facial photo and replace it by capturing a new photo. image


Delete Profile

To delete a user profile on a personally assigned device:

  1. Open Zebra Biometric app.
  2. Enter your passcode. image
  3. Tap on the menu icon at the top right and select Delete Profile. image

After the user profile is deleted, the enrollment screen appears for a user to re-enroll to the device and authenticate the user.


Sign In (Authentication)

After a user is enrolled, the authentication screen is displayed on the device. This screen also appears based on the Lock-screen Event options defined by the administrator in the Managed Configurations. These options can be triggered from various events such as when a user signs out, locks or reboots the device.

To sign in or authenticate to a device, tap Unlock. image

The device prompts the user to authenticate based on the Authentication Configuration defined by the admin. The designated primary authentication method is presented first. If the primary authentication method fails, the designated secondary authentication method is presented. The fallback authentication is presented if the primary authentication fails and no secondary authentication is defined, or both primary and secondary authentication fails. Unlicensed devices present a passcode to be entered rather than requesting for a facial biometric.

Microsoft Authenticator

If Microsoft Authenticator app is in use, perform the following after the user unlocks the screen:

  1. The Microsoft Authenticator app is launched prompting for user authentication. Enter the login credentials:
image       image
  1. After authentication is successful, the user gains access to the device.
  2. When a user launches any app that utilizes Microsoft Authenticator app as broker, the app automatically signs in without prompting for user name or password.


Non-Identity Guardian Barcode

A user barcode, known as a Legacy Barcode, can be used to authenticate users even if it was not generated by Identity Guardian. This is useful in organizations where user barcodes already exist. These barcodes must be 1D and have a defined prefix. Upon scanning, the prefix is disregarded, and the user name serves as the identifier. When the device is locked, the user name is prominently displayed on the lock screen.

Note: Legacy Barcode is not encrypted and, therefore, not secure. For shared devices, Zebra recommends using encrypted barcodes for secure authentication. See Managed Configurations for more information.


Admin Setup

Configure Managed Configurations:

  1. Authentication Configuration - Expand User Verification Methods:
    • Verification Setup
      • Enable Comparison Source and select LEGACY BARCODE.
      • Under Primary Authentication Method:
      • Enable Primary Authentication Factor and set this to NO_COMPARISON.
      • Enable Secondary Authentication Factor and set this to NONE.
      • Enable Fallback Authentication Method and set this to NONE.
    • Legcy Barcode Options:
      • Enable Legacy Barcode Prefix and enter the prefix used to validate the barcode. The barcode must begin with this prefix, otherwise the user will not be authenticated. Without a prefix, the user will not be authenticated.
  2. Save the changes and deploy them to the devices.


Usage
  1. On the lock screen, tap the Scan to Unlock button. image
  2. Scan the user barcode. The user gains access to the device. image
  3. Lock the device. The user name is displayed in the lock screen. image


Admin Bypass

A user can bypass authentication by entering the Admin Bypass Passcode, useful for situations where authentication credentials are forgotten. Access is granted provided the user has received the bypass passcode from an admin. While this feature allows device access, it does not track user accountability. It offers a direct method to enter the passcode, as opposed to the alternative fallback authentication (part of the Authentication Configuration scheme), which requires multiple failed authentication attempts.


Admin Setup

Configure Managed Configurations:

  1. Lock Screen Configuration: Expand Lock-screen Menu.
    • Enable Enable Admin Bypass Passcode on Lock screen and set it to true.
  2. Save the changes and deploy them to the devices.


Usage

  1. In the lock screen, tap the menu icon in the top right corner and select Admin Bypass. image
  2. Enter the Admin Bypass Passcode provided by your administrator and tap Unlock. image
  3. The user gains device access.


Alternate Sign-In

Alternate Sign-In, also known as Alternative Login, enables users of shared devices to log in as diffeerent users. This feature is useful for scenarios involving temporary users or those who do not have full-time access, ensuring user accountability is tracked.

Note: The user must be enrolled on the device before using the alternate sign-in method.


Admin Setup

Configure Managed Configurations:

  1. Authentication Configuration - Expand Lock-screen Event Options:
    • On Unlock / OnReboot / On AC power connected / On AC power disconnected / On device manual checkin / On user change
      • Enable Alternative Verification Setup and select the desired Verification Setup that specifies the authentication required for the alternate login.
  2. Lock Screen Configuration - Expand Lock Screen Menu:
    • Enable Customize Alternative Login Button and enter a name for the button designated for alternate login.
  3. Save the changes and deploy them to the devices.


Usage

  1. On the lock screen, tap the button with the customized text located above the Unlock button. The text on this button is based on the admin configuration. image
  2. Scan the user barcode and perform facial authentication.
  3. The user gains device access.


Auto-Fill SSO Login

When users sign in with their SSO credentials, they can save them for future device logins, simplifying the process by requiring password entry only once. After successful primary authentication (e.g., facial scan or passcode), both the user name and password are automatically filled for subsequent logins. This applies to shared devices when multifactor authentication uses SSO as the secondary authentication method.

The SSO credentials are stored and managed in Guardian Safe. Even if Guardian Safe is disabled, users can still access these credentials, though only the SSO credentials are visible. Designated with the IG logo, these credentials are intended exclusively for use with Identity Guardian. Auto-filling of SSO login credentials occurs at the device level during authentication (managed by Identity Guardian) and when logging into Guardian Safe.

Admin Setup

Configure Managed Configurations:

  1. In Authentication Configuration, set:
    • Primary Authentication Factor: FACE or PASSCODE
    • Secondary Authentication Factor: SSO
  2. In Guardian Safe Configuration, set:
    • Auto Fill for SSO: ENABLE
    • Automatically Grant Accessibility Permission: ENABLE
  3. In SSO Authentication Configuration, configure the SSO settings as needed.
  4. Save the changes and deploy them to the devices.

Usage

  1. On the lock screen, scan the user barcode. image
  2. Authenticate using the primary authentication method set by the administrator (e.g. enter passcode or perform a facial scan).
  3. The SSO login screen, as the secondary authentication method, appears with the user name field populated. Tap the password field. image
  4. The user is prompted to save their credentials. Tap Yes to save credentials for future logins. image
  5. Enter the user password and tap Save Credentials. image
  6. The SSO login page reappears with the user name populated. Tap the password field to auto-fill the password, streamlining future logins.


Proxy Mode

Proxy mode enables third-party apps to function as screen blocking apps instead of Identity Guardian. It allows these apps to send user sign-in and sign-out events to Identity Guardian, which can then be shared with other Zebra apps like Device Tracker. This mode is designed for organizations using their own screen blocking apps for device access, while having the ability to notify Identity Guardian of these events. As a result, these notifications are automatically relayed to other Zebra apps, such as Device Tracker, to track user accountability.

Requirements:

  1. Install the Zebra app that receives user session information, such as Device Tracker.
  2. Revise the custom screen blocking app using Current Session API. Set signed_in_state to true when users sign in and false when they sign out. Parse the result for user session details.
  3. Configure Managed Configurations:
  4. Save the changes and deploy them to the devices.

Usage

When a user logs into the custom blocking screen app, Identity Guardian receives the sign-in event and transmits the information to the other Zebra app, which takes action accordingly. E.g., in Device Tracker, the user appears in the Checked Out field.

When a user logs out, Identity Guardian receives the sign-out event and transmits this information to the other Zebra app, which takes action accordingly. E.g., in Device Tracker the user name is cleared from the Checked Out field.

Note: If the user attempts to open Identity Guardian, a message appears indicating that it is not intended to be launched in its current configuration.


User Authentication Scenarios

This video demonstrates various scenarios of user device authentication. In this example, one group of authentication settings is applied to a shared device with the following configurations:

  • Comparison source: Barcode
  • Primary authentication: SSO
  • Secondary authentication: Passcode
  • Fallback authentication: Admin bypass passcode

Sign Out

Sign Out only applies to shared devices. To sign out a device, perform one of the following:

  • Open Identity Guardian app (Zebra Biometric) and tap Sign out. image
  • Swipe down to open the notification drawer. From the Identity Guardian notification, tap Sign Out. image
  • Lock the device.
  • Restart the device (if configured by the administrator).

After a device is signed out, the lock screen is visible: image


Lock Device

This section discusses features designed to enhance user experience and security on the device lock screen.

Custom Message

A user can create a custom message to display on the lock screen, which can be useful in various scenarios. For shared device users, it allows them to leave instructions for the next user. For personally assigned device users, it can serve as a device identifier or a personal reminder. This custom message remains visible to all users when they sign in or sign out of the device.


Admin Setup

Configure Managed Configurations:

  1. Lock Screen Configuration - Expand Custom Lock Screen Message:
    • Enable Allow Custom Lock Screen Message and set it to true.
    • Enable Custom Lock Screen Message Source and select App Specific.
  2. Save the changes.


Usage

To create or edit a custom message on the lock screen:

  1. Sign in to the device to gain device access. image
  2. Open Identity Guardian from the apps menu. image
  3. From the top right, tap on the message icon to access the message settings. image
  4. Enter the message to display on the lock screen, then tap Save. image
  5. Lock the device. The custom message is now displayed on the lock screen. image


Auto-Unlock

Auto-Unlock seemlessly unlocks the device using facial authentication, eliminating need to tap a button on the lock screen. With this feature enabled, users are immediately prompted to scan their face for authentication when unlocking the device, bypssing the extra step.

Requirements:


Admin Setup

Configure Managed Configurations:

  1. Lock Screen Configuration - Expand User Verification Methods:
    • Verification Setup1:
      • Enable Comparison Source and select BARCODE.
      • Expand Primary Authentication Method. Enable Primary Authentication Factor and select FACE.
  2. Lock Screen Configuration - Expand Auto Unlock:
    • Enable On Unlock and select true.
  3. Save the changes.


Usage

  1. On the lock screen, tap the unlock button:
    • For shared devices: Scan to Unlock
    • For personally assigned devices: Unlock image
  2. Scan the user barcode and then scan the user's face for facial authentication. The barcode scan is needed for first-time authentication.
  3. The user gains access to the device.

Subsequent Unlock Attempts: When unlocking the device (e.g. pressing the power button or swiping to unlock), the user is immediately prompted to scan their face for authentication, bypassing the need to tap the unlock button.


Guardian Safe

Guardian Safe enhances productivity and security on shared devices by securely storing user credentials after a single entry on any application's login screen. It automatically populates these credentials for future logins, streamlining access for both native and web applications, such as Microsoft Edge and Google Chrome. Users can easily save credentials from any login screen and have the option to mark specific apps as “ignored” to prevent credential storage. They can also view, modify, or delete saved credentials, providing flexibility and control over their login information.

Guardian Safe is compatible with both SSO and non-SSO environments. When enabled, any app with a login screen prompts users to save credentials if they have not been saved yet. To manage their credentials within Guardian Safe, users must enter their multifactor authentication as configured by the administrator. If Auto-Fill SSO is enabled, the SSO credentials are automatically populated when accessing Guardian Safe.

Important Notes:

  • Auto-Fill SSO - When Auto-Fill SSO is enabled and Guardian Safe is disabled, only SSO login credentials are visible in Guardian Safe. These are identified by the IG logo and are used solely for authentication with Identity Guardian.
  • Lost Barcodes: If an Identity Guardian user loses their barcode, the stored information in Guardian Safe cannot be accessed with a newly created enrollment barcode. Consequently, new credentials (user name and password) must be saved again for all applications.
  • Supported Authentication Values: Only applications with user ID and password fields are supported. Applications requiring OTP (one-time password) fields are not supported. Acceptable values for the user ID can vary by application and may include values such as an email address, phone number or user name.

Requirements:

Prerequisites:

  • ZDNA Cloud Registration - Register with Zebra.com based on the instructions provided in ZDNA Cloud Setup.
  • Device Enrollment - Ensure the device is enrolled and connected to Zebra DNA Cloud.
  • Set Authentication Scheme - The administrator must create an authentication scheme that includes a barcode in combination with either facial biometrics or a user PIN/passcode. Additionally, the user enrollment barcode that includes Guardian Safe MUST be regenerated.
  • Enable Temporary Data Storage - Enable this option in Authentication Configuration from Managed Configurations.


Enable Guardian Safe

Guardian Safe is enabled through ZDNA Cloud and the Guardian Safe Configuration in Managed Configurations. Once enabled, Accessibility Service permission must be granted to allow user credentials to be automatically populated.

To enable Guardian Safe:

  1. Login to Zebra DNA Cloud.
  2. Click the user icon at the top right corner and select My Services from the menu. image
  3. Toggle to enable Guardian Safe. image
  4. When creating the Managed Configurations profile, under Guardian Safe Configuration enable Guardian Safe and configure the other available options as needed.

Choose one of the following methods to grant Accessibility Service permission:

  • Automatically Grant Accessibility Permission - The administrator can enable the Automatically Grant Accessibilty Permission option in Guardian Safe Configuration under Managed Configurations. Once this option is enabled, the Guardian Safe Settings screen will display Use Accessibility: On/Off as grayed out, making it non-changeable by the user and no user interaction is required.

  • Manually Grant Accessibility Permission - User intervention is required to accept the required permission. The user should follow these steps:

    1. Open Identity Guardian. image
    2. Tap the menu icon in the top right corner and select Guardian Safe. image
    3. Scan the Identity Guardian user barcode. Perform a facial biometric scan or enter the user passcode.
    4. Tap the menu icon in the top right corner and select Settings. image
    5. Grant the Android Accessibility Service permission for Identity Guardian:
      • Toggle to enable Use Accessibility: On/Off. image
      • When the Accessibility Service Disclosure statement appears, tap Accept. image
      • In the Accessibility screen, tap Identity Guardian. image
      • Enable Use Identity Guardian. image
      • Tap Allow. image
      • Tap Back continuously until Guardian Safe is closed.


Save Credentials

To save user app login credentials:

  1. Open an app with a login screen (containing a user ID and password field)
  2. Tap the password field. image
  3. A prompt appears asking if the user would like to save their credentials. Tap Yes.
    • If No is selected, the user credentials are not saved (requiring the user to manually enter their credentials each time they log in to the app), and the app is added to the Ignored Apps list. image
  4. The Guardian Safe input screen appears. Enter the user credentials and tap Save Credentials. image
  5. The user login credentials are now saved and will automatically populate in future login attempts when tapping the user name or password field.


Auto-Populate Credentials

After an application's login credentials are saved, subsequent login attempts will automatically populate the credentials in the login screen.

  1. Open an app where the login credentials have previously been saved. image
  2. Tap the user name or password field on the login screen. The user is prompted to authenticate via facial biometric scan or passcode entry.
  3. Upon successful authentication, the login credentials are automatically populated in the respective fields. image
  4. Tap the sign-in button to access the app.


View Apps

To view apps with login credentials saved in Guardian Safe:

  1. Open Identity Guardian. image
  2. Tap the menu icon in the top right corner and select Guardian Safe. image
  3. Multifactor authentication is required. Scan the Identity Guardian user barcode and complete the multifactor authentication as configured by the administrator. This includes primary authentication (e.g., facial authentication or user passcode) followed by secondary authentication (e.g., SSO login).
  4. In the Saved Credentials tab, a list of apps with saved passwords is displayed with their corresponding logo. Tap the eye icon to reveal the password. If Auto-Fill SSO is enabled, the SSO login is saved with the IG logo, indicating that they are SSO credentials meant solely for use with Identity Guardian.
    image       image
    Saved app credentials       Saved SSO credentials


Ignored Apps

Prevent Guardian Safe from saving login credentials from specific apps by designating them as Ignored Apps:

  1. Open an app in the login screen. image
  2. When prompted to save the user credentials during login, tap No. image
  3. The user is directed back to the login screen and the login credentials are not saved. The app is listed in the Ignored Apps tab with the toggle button disabled. image

Future login attempts in this app will no longer trigger Guardian Safe to offer saving the login credentials and the Guardian Safe floating quick access button is no longer present.

To view all Ignored Apps:

  1. Open Identity Guardian. image
  2. Tap the menu icon in the top right corner and select Guardian Safe. image
  3. Scan the Identity Guardian user barcode. Perform facial authentication or enter the user passcode.
  4. Tap the Ignored Apps tab. A list of ignored apps is displayed. image

To save credentials from an Ignored App:

  1. Open Identity Guardian. image
  2. Tap the menu icon in the top right corner and select Guardian Safe. image
  3. Scan the Identity Guardian user barcode. Perform facial authentication or enter the user passcode.
  4. Tap the Ignored Apps tab. A list of ignored apps is displayed. image
  5. Tap on the app to save credentials and tap Yes in the confirmation message. image
  6. The app is removed from the Ignored Apps tab. The user is prompted to save credentials the next time the app is opened. image


Edit Credentials

There are two methods to modify an app's login credentials saved within Guardian Safe:

  • Using Guardian Safe's floating quick access button on the app's login screen
  • Through Guardian Safe directly with Identity Guardian

Floating Quick Access Button: To edit the login credentials for an app using the Guardian Safe floating quick access button:

  1. In the app's login screen, tap on the Guardian Safe floating quick access icon. image
  2. Guardian Safe appears, allowing for the user name or password to be changed. Make the desired changes and tap Save Credentials. image
  3. The updated credentials are now saved.
  4. Future login attempts in the app will automatically be populated with the updated login credentials.

Guardian Safe: To edit the login credentials for an app through Guardian Safe:

  1. Open Identity Guardian. image
  2. Tap the menu icon in the top right corner and select Guardian Safe. image
  3. Scan the Identity Guardian user barcode, then perform facial authentication or enter the user passcode.
  4. In the Saved Credentials tab, find the app to modify. Tap its hamburger menu on the right and select Edit. image
  5. Edit the user name and/or password.
  6. Tap Save Credentials. image
  7. Future login attempts in the app will automatically be populated with the updated login credentials.


Delete Credentials

To delete app login credentials saved in Guardian Safe:

  1. Open Identity Guardian. image
  2. Tap the menu icon in the top right corner and select Guardian Safe. image
  3. Scan the user's Identity Guardian barcode, then perform facial authentication or enter the user passcode.
  4. The apps with passwords saved are listed. In the Saved Credentials tab, find the app to modify the credentials. Tap its hamburger menu on the right and select Delete. image
  5. Tap Yes in the confirmation message. image
  6. The app is removed from the list. image


Delete Users

Users can be removed from the Device Users section in ZDNA Cloud. When a user is deleted, all saved application credentials and the user enrollment barcode are removed. To regain access, The barcode must be regenerated for the same user.


ZDNA Cloud

With the Zebra DNA Cloud platform, Identity Guardian provides administrators with visibility into user activities. This includes the ability to track who has signed in and out of devices, the security measures in place, usage times, and more. Additionally, administrators have the ability to expire users, reset PIN passcodes, and override screen locks.

image

For more information, see the ZDNA Cloud documentation.


See Also