HP Sure Admin User Guide
1 Getting started
HP Sure Admin enables IT administrators to securely manage sensitive device rmware settings using
certicates and public key cryptography for both remote and local management of settings instead of a
password.
HP Sure Admin consists of the following pieces:
● Target PC: The platforms to manage that support Enhanced BIOS Authentication Mode.
● HP Manageability Integration Kit (MIK): The plug-in for System Center Conguration Manager (SCCM)
or HP BIOS Conguration Utility (BCU) for remote management of the BIOS settings.
● HP Sure Admin Local Access Authenticator: A phone app that replaces the password to enable local
access to the BIOS setup by scanning a QR code to obtain a one-time PIN.
Using HP Sure Admin
The process for using HP Sure Admin is as follows:
1. Open HP Sure Admin plug-in within the HP Manageability Integration Kit (MIK) plug-in for System
Conguration Manager (SCCM) or Enhanced BIOS Conguration Utility (BCU).
2. Download the HP Sure Admin phone app from either Google Play
TM
store or the Apple App Store
®
.
3. Create a key pair used by the target device and the HP Sure Admin phone app to obtain the one-time PIN
to unlock BIOS.
Disabling HP Sure Admin
The following are the options to disable HP Sure Admin:
● In BIOS F10 setting, select Restore Security settings to Factory Defaults.
NOTE: This requires physical presence by providing authentication PIN via the HP Sure Admin phone
app to access the F10 settings .
● Use BCU command to remotely call WMI of Restore Security settings to Factory Defaults.
NOTE: For more information, see the HP BIOS Conguration Utility (BCU) User Guide.
● In the MIK Security Provisioning page, select Deprovision.
Using HP Sure Admin 1