Revoking access for a lost device
When a computer, laptop, or mobile phone used to access Haplo is lost, and you are managing access using Haplo internal accounts (not Single Sign On against a remote identity service), you should revoke access.
Revoking access (user accounts)
If you suspect the user has used a computer or device without full disk encryption and has used the “remember me” option in the web interface, invalidate all auto-login credentials to make sure access is revoked from that computer.
If you are in any doubt, block the user’s account completely until you have made a full assessment of the loss and potential security breach.
Revoking access (devices)
Devices using Haplo Mobile store authentication tokens. These are revoked independently of passwords, so changing the user’s password does not remove the device’s ability to access information.
When a device is lost:
- Scroll to the bottom to find the API keys, click on the key for the lost device, and click the Delete API key button.
- Ask the user to change their password.
- Where possible, initiate a remote wipe of the device.