Using Conditional Access for Applications on Android 10 devices

Read this page to learn how to access your company applications if they are protected by Portnox™ Conditional Access for Applications.

To access your protected company applications, you must do the following:

  • Get Portnox AgentP from the Play Store.

  • Log in to the Portnox AgentP app using your company credentials.

  • Select your certificate when accessing the company application through the browser.

These steps are described in detail in the sections below.

Note: This process shows the configuration of a Xiaomi A2 phone with Android 10. The Android operating system on other phone models may differ slightly.

Download and install Portnox AgentP

First, you must get the Portnox AgentP app from the Play Store. AgentP will communicate with Portnox Conditional Access and generate a profile for your Android device.

  1. Tap on the icon of the Play Store app to open it.

  2. In the Play Store app, in the search field, type agentp and tap on 🔍.

  3. In the list of results, find the Portnox AgentP entry and tap on this entry.

  4. On the Portnox AgentP screen, tap on Install.

  5. After installation is complete, tap on Open.

Result: Portnox AgentP is installed on your Android device.

Log in to Portnox AgentP using your company credentials

After you install the Portnox AgentP app, run it and log in to it using your regular company credentials.

  1. Optional: If you accidentally closed the Play Store, you can run AgentP by tapping on its icon.

  2. After AgentP opens for the first time, give it the requested permissions.
    Note: All these permissions except the ones marked as optional are necessary for AgentP operation. If you do not give these permissions, Conditional Access may not work correctly.
    1. In the Allow Location Services dialog, tap on Allow.

      This permission is necessary for AgentP to be able to check if your device meets your company’s security policies. For example, your company may only allow you to access applications if you are in a certain location, such as a certain country or area. Since AgentP works in the background, it needs to know the location even when the app is not in use.

    2. In the Allow AgentP to access your contacts? dialog, tap on Allow.

      This permission is necessary for AgentP to be able to check if your device meets your company’s security policies. AgentP will never manipulate the contacts on your device.

    3. In the Allow AgentP to make and manage your phone calls? dialog, tap on Allow.

      This permission is necessary for AgentP to be able to check if your device meets your company’s security policies. AgentP will never make any calls on your behalf.

    4. In the Allow AgentP to access this device’s location? dialog, tap on Allow only while using the app.

      This permission is necessary for AgentP to be able to check if your device meets your company’s security policies. For example, your company may only allow you to access applications if you are in a certain location, such as a certain country or area.

    5. In the Allow AgentP to access photos and media on your device? dialog, tap on Allow.

      This permission is necessary for AgentP to be able to check if your device meets your company’s security policies. AgentP will never manipulate your photos or media on your device.

  3. On the Register your device screen, tap on Corporate credentials.

  4. On the Corporate credentials screen, follow the steps depending on how you normally log in to your company applications.
    • If your company uses Microsoft Azure for its employees, tap on Azure.
    • If your company uses Google Workspace for its employees, tap on G Suite.
    • If your company uses Okta Workforce Identity for its employees, tap on Okta.
    • If you don’t recall hearing any of these platform names before when logging in to your company apps, consult with your company’s IT support staff or enter your company email and password in the Domain\user or upn(email) and Password fields and then tap on Activate.

    Important: The following steps and screenshots assume that your company uses Microsoft Azure, which is the most popular platform. These steps will look similar if your company uses other platforms.
  5. If your company uses Azure, on the Sign in screen, enter your business email address. Then, tap on Next.

    Note: The screenshot above is an example, where your company name is Example and your company domain is example.com. Use your real business email address instead.

    Troubleshooting: If you see a button with your email address on it, it means you are already logged in to Microsoft Azure. Tap on that button instead of entering your email address.

  6. If your company uses Azure, on the Enter password screen, enter the password that you normally use to access your company email and applications. Then, tap on Sign in.

    Troubleshooting: If you cannot log in, and you are sure that your password is correct, go back to the Register your device step and try a different choice or ask your company’s IT support staff what platform your company uses to authenticate the employees.

  7. If your company uses Azure, and a Stay signed in? window appears, follow the company policy and/or your preferences to choose Yes or No.

    Note: Your choice will not affect your access to applications, but if you choose No, you may have to log in again the next time you access the applications.
  8. Tap on the AgentP notification or switch back to AgentP to continue enrollment.

  9. Optional: If AgentP shows an Allow suggested Wi-Fi networks? notification, it means that your company also uses AgentP to secure network access. Tap on Allow to gain access to the protected Wi-Fi networks.
  10. In the Name the certificate dialog, enter a name for the certificate (you can keep the default name), make sure that Credential use is set to VPN and apps, and then tap on OK.

  11. Optional: If the Name the certificate dialog does not appear, tap on ≡ to open the menu and then tap on Install certificate.

Result: You are logged in to Portnox AgentP.

Access the application using your certificate

After you log in to the Portnox AgentP application, you can access your online company resources that are protected by Portnox Conditional Access.

Note: In this example, we are logging in to the Atlassian Confluence/Jira application using the Chrome browser. The process is similar for all other applications protected using Portnox Conditional Access for Applications. We tested Conditional Access on the following Android browsers: Chrome, Edge, Brave, Vivaldi, Opera, Samsung Internet Browser. Conditional Access is not supported by the following browsers due to the lack of access to system certificates: Firefox, Opera Mini.
  1. Open your company application.

    Proceed normally as if you were opening the application before it was protected using Portnox Conditional Access. For example, for Atlassian Confluence, you could type your_company.atlassian.net in your browser address field, where your_company is your company name.

  2. Enter your company email address or tap on Conditional Access.
    • If the application login screen does not have a button that says Log in with Conditional Access or Log in with your company name, enter your business email address. This is an example for Atlassian Confluence/Jira:

    • If the application login screen has a button that says Log in with Portnox Conditional Access or something similar, such as Log in with your company name, tap on this button. This is an example for Salesforce:

    • If the application has a button that says SSO, tap on this button. This is an example for Zoom:

  3. In the Choose certificate dialog, select the certificate name that you chose earlier, and then tap on Select.
    Note: Our application always attempts to select the certificate automatically, so this window may not appear for you. If it appears, it means that our application was not able to select the certificate automatically, for example, because there is more than one certificate or because of operating system or browser restrictions.

    Troubleshooting: If you have more than one certificate, try different certificates, or consult with your company’s IT support staff. If there are any errors, restart your browser. If that does not help, consult our troubleshooting guide.

Result: You can now access your company applications that are protected using Portnox Conditional Access for Applications.