HP EliteBook 735 Sure Admin User Guide - Page 6

Creating and exporting keys

Get HP EliteBook 735 PDF manuals and user guides View all HP EliteBook 735 manuals
Add to My Manuals
Save this manual to your list of manuals

Page 6 highlights

2 Creating and managing keys Complete Security provisioning within MIK prior to enabling Enhanced BIOS Authentication Mode. Enhanced BIOS Authentication Mode must be enabled to create and export keys. To enable BIOS Authentication Mode: ▲ Open the HP Sure Admin plug-in and select Enhanced BIOS Authentication Mode to create and export keys. Creating and exporting keys Select one of the following models to create local access key pairs and enable the HP Sure Admin phone app to access the key: ● Create and Export Key - Use this option to export the local access authorization key and then manually distribute it to the HP Sure Admin phone app through email or other method. NOTE: This option does not require HP Sure Admin phone app network access to obtain a one-time PIN. ● Create and Export Key with Azure AD Revocation - Use this option to connect the local access key to a specified Azure Active Directory group and require the HP Sure Admin phone app to require both user authentication to Azure Active Directory and to confirm that the user is a member of the specified group before providing a local access PIN. This method also requires manual distribution of the local access authorization key to the phone app through email or other method. NOTE: This option requires the HP Sure Admin phone app to have network access in order to obtain a one-time PIN. ● Create and Send Key to Azure AD Group OneDrive - (Recommended) Use this option to avoid storing the local access authorization key on the phone. When you choose this option, MIK will store the local access authorization key to the specified OneDrive folder that is only accessible to the authorized group. The HP Sure Admin phone app user will be required to authenticate to Azure AD each time a PIN is needed. NOTE: This option requires the HP Sure Admin phone app to have network access in order to obtain a one-time PIN. To create and export a key: 1. Name your key in the Key Name entry box. 2. Enter the passphrase in the Passphrase entry box. NOTE: The passphrase is used to protect the exported key and must be provided so that the HP Sure Admin phone app user is able to import the key. 3. Select Browse, and choose where to export the path in the system. 4. Select Create Key. NOTE: Your key has successfully created when a notification icon appears next to the Create Key button with the message Key successfully created. 2 Chapter 2 Creating and managing keys

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
2
Creating and managing keys
Complete Security provisioning within MIK prior to enabling Enhanced BIOS Authentication Mode.
Enhanced BIOS Authentication Mode must be enabled to create and export keys. To enable BIOS
Authentication Mode:
Open the HP Sure Admin plug-in and select
Enhanced BIOS Authentication Mode
to create and export
keys.
Creating and exporting keys
Select one of the following models to create local access key pairs and enable the HP Sure Admin phone app
to access the key:
Create and Export Key
— Use this option to export the local access authorization key and then
manually distribute it to the HP Sure Admin phone app through email or other method.
NOTE:
This option does not require HP Sure Admin phone app network access to obtain a one-time
PIN.
Create and Export Key with Azure AD Revocation
— Use this option to connect the local access key to a
specified
Azure Active Directory group and require the HP Sure Admin phone app to require both user
authentication to Azure Active Directory and to
confirm
that the user is a member of the
specified
group
before providing a local access PIN. This method also requires manual distribution of the local access
authorization key to the phone app through email or other method.
NOTE:
This option requires the HP Sure Admin phone app to have network access in order to obtain a
one-time PIN.
Create and Send Key to Azure AD Group OneDrive
— (Recommended) Use this option to avoid storing
the local access authorization key on the phone. When you choose this option, MIK will store the local
access authorization key to the
specified
OneDrive folder that is only accessible to the authorized group.
The HP Sure Admin phone app user will be required to authenticate to Azure AD each time a PIN is
needed.
NOTE:
This option requires the HP Sure Admin phone app to have network access in order to obtain a
one-time PIN.
To create and export a key:
1.
Name your key in the
Key Name
entry box.
2.
Enter the passphrase in the
Passphrase
entry box.
NOTE:
The passphrase is used to protect the exported key and must be provided so that the HP Sure
Admin phone app user is able to import the key.
3.
Select
Browse
, and choose where to export the path in the system.
4.
Select
Create Key
.
NOTE:
Your key has successfully created when a
notification
icon appears next to the
Create Key
button with the message
Key successfully created
.
2
Chapter 2
Creating and managing keys