Skip to main content
Version: 7.0

Mobile applications

Overview

You can use the official mobile application to access the On-Premise version of Passwork.

It has the main features available in the desktop version of Passwork. With the app, you can use your vaults, folders, and passwords, manage them, and also use a number of other functions.

The mobile client is available in the App Store, Google Play. Or you can scan the QR code below:

QR codes for downloading mobile applications
info

To learn more about connecting and using our applications, check out the detailed guides on the Passwork Mobile Application and the Passwork 2FA Application

How the Application Works

The mobile application connects directly to your Passwork server using a token, so to use the app, you need to enable the parameter in Roles — Use Mobile Application.

The mobile application uses only the HTTPS protocol and verifies the authenticity of the server's SSL certificate by matching it with trusted certificates stored in the device's system store.

Therefore, for the app to work correctly, you need to ensure that:

  1. Mobile devices have direct access to the Passwork server via local network or VPN
  2. Passwork is configured to work over HTTPS protocol
  3. A valid SSL certificate issued by a certification authority is used
  4. Use of the mobile application is enabled for the account

Authorization in Applications

For authorization, Passwork generates a special QR code containing information about the Passwork host and token. To authorize the device:

  1. Log in to your Passwork account
  2. In the Settings and Users menu, click Connect Mobile Device
  3. Enter your password (and master password if enabled for your Passwork)
  4. Open the Passwork app and scan the QR code
  5. If authorization is successful, you can start using the app

If you get a connection error when trying to authorize, check that:

  • The parameter in Roles for users — Use Mobile Application is enabled
  • Your device can connect to the server
  • The SSL certificate is valid

Using Two-Factor Authentication

The Passwork mobile client does not use 2FA because you authorize the device through the desktop version of Passwork. Once the device is linked, access to the app is done using a PIN code or biometric data stored on the phone.

You can protect Passwork itself with two-factor authentication by using the official Passwork 2FA application or a third-party service such as Google Authenticator or Microsoft Authenticator.

Using SSL Certificates

The app verifies the validity of the SSL certificate when connecting to your server. To pass verification successfully:

  1. The certificate must be issued by a root certification authority
  2. The certificate must be issued to your server name or DNS record
  3. The certificate must not be expired

You can obtain a valid certificate by the following methods:

  1. Purchase a certificate from any trusted authority
  2. Use a free certificate from Cloudflare or similar services
  3. Generate or get a free certificate from Let’s Encrypt

Support for Self-Signed SSL Certificates

danger

We do not recommend using self-signed certificates as they may pose a security risk and complicate automatic verification

If you use a self-signed SSL certificate on the Passwork server, you need to add it to the trusted list on your device.

To install a self-signed certificate on iOS:

  1. Issue a self-signed public root certificate
  2. Issue an SSL certificate for your host using the root certificate
  3. If you used a self-signed certificate without a root, replace it with a new one as described in step 2
  4. Export the root certificate in .crt format and transfer it to the device
  5. Find the .crt file on your device and the system will prompt you to install it automatically
  6. Go to Settings -> General -> About -> Certificate Trust Settings and enable Full Trust for Root Certificates

To install a self-signed certificate on Android:

  1. Issue a self-signed public root certificate
  2. Issue an SSL certificate for your host using the root certificate
  3. If you used a self-signed certificate without a root, replace it with a new one as described in step 2
  4. Export the root certificate in .crt format and transfer it to the device
  5. Find the .crt file on your device and open it. Installation requires unlocking the device and entering a certificate name

Using VPN Connection

You can use VPN to access Passwork without having direct connection to the server. On mobile devices, VPN can be configured via the system tools of iOS and Android or through any mobile VPN client.

For VPN connection to work, your Passwork server must use HTTPS protocol, and devices must connect using the server name or CN value from the certificate. You will also need to install the public root certificate file on your mobile device as described in the section above.