Administration

Mobile applications

Description

Mobile apps are available for iOS and Android.


💡 Mobile app support has been available since Passwork 4.7.0

Features

Mobile apps allow you to access data that is stored in your Passwork.

You will be able to:

  • Work with vaults, folders and passwords
  • Search data
  • Generate strong passwords
  • Create one-time links to share passwords
  • Use biometrics to authorize in the app

Future releases will add the ability to manage permissions and users, as well as auto-complete passwords in other apps.

How apps work

Mobile apps connect directly to your Passwork server using an API.

💡 To protect data in transit, the apps always use HTTPS and check the validity of the SSL certificate on your server.

Therefore, for applications to work correctly, you need to make sure that:

  1. Mobile devices have access to your server (directly, via LAN or VPN)
  2. Your server with Passwork is configured to work via the HTTPS protocol
  3. You're using a valid SSL certificate issued by a trusted certificate authority
  4. You are allowed to use the API (an administrator can forbid usage of the API by specific users)

Authorization in applications

Applications are authorized by scanning a special QR code.

  1. Log in to your Passwork account
  2. Select "Authorize mobile app" from the "Settings and Users" menu
  3. Passwork will prompt you to re-authenticate and enter your authorization password (and master password, if this mode is enabled in your Passwork)
  4. A popup with a QR code will be displayed
  5. Open the Passwork app on your phone and scan the QR code
  6. The QR code contains your Passwork host information as well as your API key.
  7. The app will go through authorization and you can start working

In future releases we plan to add an additional login and password authorization option.

2FA and mobile apps

Mobile apps do not ask for a 2FA code. To receive the QR code you must first log in and authorize in Passwork in your browser, and authorization in the browser will ask for a 2FA code if this mode is enabled.

Using SSL certificates

Mobile applications check the validity of an SSL certificate when connecting to your server.

  1. Certificate must be issued by a trusted authority
  2. Certificate must be issued for your domain or IP address
  3. Certificate must not be expired

💡 If the application fails to verify the validity of the certificate, a connection error will be displayed when scanning the QR code

💡 We do not recommend using self-signed certificates

You can get a valid certificate in the following ways:

  1. Purchase a certificate from any trusted certificate authority
  2. Use a service like Cloudflare which provides free certificates
  3. Generate or get a free valid certificate from Let's Encrypt

Support of VPN-connections

If you are using a VPN connection to connect to Passwork, you will also need to set up a VPN connection for the mobile app to work. You can set up a VPN-connection on your cell phones using iOS or Android tools or install special mobile VPN-clients.

When working via VPN, your Passwork host can have a local IP address or a local domain name that is inaccessible from the Internet. To obtain a valid certificate in this case you need to:

  1. Register (if you don't have one) a 2nd level domain, e.g. my-company.org
  2. Issue a valid certificate for any subdomain, e.g. passwork.my-company.org
    1. You can issue a wildcard certificate for my-company.org that will cover all subdomains
  3. In the DNS settings for the domain passwork.my-company.org you must specify the local IP address of your Passwork, where it is available in your VPN network
  4. Configure your Passwork server to work with the certificate at passwork.my-company.org
  5. With the VPN connected, you can now open passwork.my-company.org and reach a Passwork instance that is accessible only from the VPN network. The server will present a valid SSL certificate.

Support for self-signed SSL certificates

If you use a self-signed SSL certificate on the Passwork server, you have to add it to the trusted ones on your cell phone.

💡 Important: Support for self-signed certificates is only available on iOS. The Android app does not yet support self-signed certificates.

To set up an iOS app with a self-signed certificate:

  1. Issue a self-signed root certificate
  2. Use that root certificate to issue an SSL certificate for your IP or host
  3. If you used a self-signed certificate without a root certificate, replace your current certificate with the new one from step 2.
  4. Export the root certificate in .crt format and transfer it to your iOS device
  5. Find the .crt file on your iOS device, and the system will ask you to install it automatically.
  6. Open General > About > Certificate Trust Settings and activate your certificate under "Enable Full Trust for Root Certificates".
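
Steps 1, 2 and 4 above, followed by the three validity checks listed under "Using SSL certificates", as a shell script using the openssl CLI. This is an added example, not Passwork's own tooling; the host name passwork.example.internal, the file names and the CA subject are placeholders.

```sh
#!/bin/sh
# Added example, not vendor code. Host names, file names and the CA subject
# are placeholders; requires the openssl CLI.
set -eu

is_ip() { case $1 in *:*) return 0;; *[!0-9.]*) return 1;; *) return 0;; esac; }

issue_chain() {  # $1 = work dir, $2 = host name or IP the app will connect to
  # The SAN type must match how the server is addressed: IP vs DNS name.
  if is_ip "$2"; then san="IP:$2"; else san="DNS:$2"; fi
  cat > "$1/ca.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Example Passwork Root CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
subjectKeyIdentifier = hash
EOF
  printf 'basicConstraints=CA:FALSE\nsubjectAltName=%s\nextendedKeyUsage=serverAuth\n' \
    "$san" > "$1/server.ext"
  # Step 1: self-signed root; root.crt is the file exported to the iOS device.
  openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 3650 \
    -config "$1/ca.cnf" -keyout "$1/root.key" -out "$1/root.crt" 2>/dev/null
  # Step 2: server key and CSR, signed by the root. iOS 13+ rejects server
  # certificates valid for more than 825 days or lacking SAN / serverAuth.
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -config "$1/ca.cnf" -keyout "$1/server.key" -out "$1/server.csr" 2>/dev/null
  openssl x509 -req -in "$1/server.csr" -CA "$1/root.crt" -CAkey "$1/root.key" \
    -CAcreateserial -sha256 -days 825 -extfile "$1/server.ext" \
    -out "$1/server.crt" 2>/dev/null
}

check_cert() {  # $1 = work dir, $2 = name or IP the client connects to
  if is_ip "$2"; then flag=-verify_ip; else flag=-verify_hostname; fi
  # Not expired, then trusted issuer + name match: the three listed checks.
  openssl x509 -in "$1/server.crt" -noout -checkend 0 >/dev/null 2>&1 \
    || { echo "expired"; return 0; }
  openssl verify -CAfile "$1/root.crt" "$flag" "$2" "$1/server.crt" >/dev/null 2>&1 \
    || { echo "untrusted-or-name-mismatch"; return 0; }
  echo "ok"
}

work=$(mktemp -d); trap 'rm -rf "$work"' EXIT
issue_chain "$work" passwork.example.internal
echo "matching name: $(check_cert "$work" passwork.example.internal)"
echo "other name:    $(check_cert "$work" other.example.internal)"
```

Only root.crt goes to the phone; root.key stays offline, since anyone holding it can issue certificates the device will trust.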

Paragraph

Question

Answer

Description

What are mobile apps?

Mobile apps are available for iOS and Android.

Description

Where can you download Passwork app?

Passwork app can be downloaded from https://apps.apple.com/app/passwork-self-hosted/id1589706401 for iOS or https://play.google.com/store/apps/details?id=com.passwork.passwork_sh for Android.

Description

What is the image in the description?

The image is a screenshot of the application interface.

Features

What are the features of the mobile apps?

The mobile apps allow you to work with vaults, folders and passwords, search data, generate strong passwords, create one-time links to share passwords and use biometrics to authorize in the app.

Features

What features will be added in future releases?

In future releases, the ability to manage permissions and users, as well as auto-complete passwords in other apps, will be added.

How apps work

How do mobile apps connect to Passwork server?

Mobile apps connect directly to your Passwork server using an API.

How apps work

What do you need to make sure for the applications to work correctly?

For applications to work correctly, you need to make sure that mobile devices have access to your server, your server with Passwork is configured to work via the HTTPS protocol, you're using a valid SSL certificate issued by a trusted certificate authority, and you are allowed to use the API.

Authorization in applications

How is authorization in applications done?

Authorization in applications is done via a special QR-code.

Authorization in applications

What are the steps to authorize the mobile app?

The steps to authorize the mobile app are: log in to your Passwork account, select "Authorize mobile app" from the "Settings and Users" menu, re-authenticate and enter your authorization password, a popup with a QR code will be displayed, open the Passwork app on your phone and scan the QR code.

2FA and mobile apps

Do mobile apps ask for a 2FA code?

Mobile apps do not ask for a 2FA code, as they require you to log in and authorize in Passwork in your browser.

Using SSL certificates

What do mobile applications check when connecting to your server?

Mobile applications check the validity of an SSL certificate when connecting to your server.

Using SSL certificates

What are the requirements for a valid SSL certificate?

The requirements for a valid SSL certificate are that it must be issued by a trusted authority, it must be issued for your domain or IP address, and it must not be expired.

Support of VPN-connections

How do you set up a VPN connection for the mobile app to work?

You can set up a VPN-connection on your cell phones using iOS or Android tools or install special mobile VPN-clients.

Support of VPN-connections

What is the process to obtain a valid certificate when working via VPN?

The process to obtain a valid certificate when working via VPN is to register a 2nd level domain, issue a valid certificate for any subdomain, specify the local IP address of your Passwork in the DNS settings for the domain, configure your Passwork server to work with the certificate at the subdomain, and open the subdomain with a connected VPN connection to get into Passwork accessible only from the VPN network.

Support for self-signed SSL certificates

What is the process to set up an iOS app with a self-signed certificate?

The process to set up an iOS app with a self-signed certificate is to issue a self-signed root certificate, use that root certificate to issue an SSL certificate for your IP or host, export the root certificate in .crt format and transfer it to your iOS device, find the .crt file on your iOS device, and activate your certificate in "Enable Full Trust for Root Certificates" in General > About > Certificate Trust Settings.

Using SSL certificates

What are the consequences of failing to verify the validity of an SSL certificate when connecting to the server?

If the application fails to verify the validity of the certificate, a connection error will be displayed when scanning the QR code.

Using SSL certificates

Why is it not recommended to use self-signed certificates?

Self-signed certificates are not recommended because they are not issued by a trusted certificate authority, and mobile apps may not support them.

Using SSL certificates

What are the ways to get a valid SSL certificate?

The ways to get a valid SSL certificate are to purchase it from any trusted center, use a service like Cloudflare which provides free certificates, or generate or get a free valid certificate from Let's Encrypt.

Support of VPN-connections

What is the purpose of specifying the local IP address of your Passwork in the DNS settings for the domain when working via VPN?

The purpose of specifying the local IP address of your Passwork in the DNS settings for the domain when working via VPN is to obtain a valid SSL certificate that covers the subdomain used to access Passwork.

Support for self-signed SSL certificates

Why is support for self-signed certificates only available on iOS?

Support for self-signed certificates is only available on iOS because the Android app does not yet support them.

Support for self-signed SSL certificates