Company logoHelp Center
Visit www.threatlocker.com

ThreatLocker Access App and Devices Page

6 min. readlast update: 04.22.2026

Using the ThreatLocker Access mobile application, organizations can extend Secure Network Access controls to mobile devices. Once installed and registered, administrators can enforce policies that manage access to SaaS applications, websites, and Microsoft 365 (M365) resources. Conditional Access policies ensure secure and compliant mobile access to M365.

Installing the ThreatLocker Access App

Note: Use Portal to send invites instead of Beta.

From the ThreatLocker portal, navigate to the Devices page and select the Groups tab. From here, you can create a new group for iOS or Android if one does not already exist. Once the iOS or Android group is created, you will be able to generate a QR code to download the ThreatLocker Access mobile application. 

Before registering a device, ensure:

  • Secure Network is enabled in your ThreatLocker Portal

  • The user has:

    • A valid phone number or email address

    • A valid group install key provided by an administrator

      • Distributing the group install key is not required if installing with the QR code

  • The ThreatLocker Access App is installed on the device:

    • iOS

    • Android

Note:  The group install key links the device to your organization during registration.

Initial App Launch and User Registration

The ThreatLocker app can be pushed through your MDM or downloaded from the App Store or Play Store.

Register a Mobile Device

  1. Open the ThreatLocker Access App.

  2. Enter:

    • Phone number or email address

    • Group install key (pre-filled if using the QR code)

  3. Select 'Register'.

Result:

  • A registration request is submitted

  • The device is placed in a 'Pending' state

  • The user must wait for administrator approval

 

Approving Mobile Devices in the ThreatLocker Portal

A ThreatLocker administrator must review and approve each new mobile device.

Sign in to the ThreatLocker portal.

Navigate to Devices > Pending Devices.

Locate and select the checkbox next to the mobile device entry or entries you want to approve.

Choose:

  • Approve to enroll the device
    • The device will now move to the mobile page
  • Reject to deny the request
    • To return the device to a pending state it will need to restart the registration process

What Happens After Approval

Once a device is approved:

  • The system automatically configures Secure Network access

  • The mobile app updates with the required connection settings

  • The user may be prompted to complete setup if needed: prompt for creating VPN configuration is required before connecting

User Experience

Users will see the following:

  1. Registration

    • Enter details and submit request

    • App shows a pending status

  2. Pending

    • Waiting for administrator approval

    • Secure Network access provisioning process is still in progress 

  3. After Approval

    • App receives configuration or prompts for setup if not previously completed

  4. Ready

    • Device shows connect 

    • Secure Network access is available 

Mobile Page

  1. Filter by OS type:
    • All
    • Android
    • iOS
  2. Search by Computer Group or All Computers
  3. Search by email or phone number, username, or partial matches
  4. Select to include the Access devices for child organizations
  5. Select to only show secured devices
    • This will will only show mobile devices that have been added to the secure network

The main grid contains the following columns:

  1. Multiselect checkbox
  2. Name - Device name that is pulled durning registration
  3. Phone Number - displays phone numbers that have been imported
  4. Email Address - displays email addresses that have been imported
  5. OS - displays the OS type as reported by the device
  6. Group - displays the group the device belongs to
  7. Last Check- displays the last date/time the device checked in to the portal along with the IP address it checked in with
  8. Date Added - displays the date/time the device was added 
  9. Force Check-In - contains a button to force the subject device to check in to the portal (must have push notifications enabled)
  10. Delete - delete a device from the ThreatLocker portal - does not remove the app from the device

Multiselect Functions

  1. Enable Secure Network Access - if the organization has secure network server access, they will be able to select devices and then enable Secure Network Access, providing access to ZTCA. Secure Network Access is not required for Cloud Control.
  2. Force the selected devices to check in to the portal
  3. Delete the selected devices from the ThreatLocker portal - does not remove the app from the device.
    • After clicking Delete, a prompt appears to permanently delete and block devices. If selected, the device will receive a sign-out action and will be required to register again.
  4. Revoke Secure Network – for the selected device, this immediately removes its ability to connect to the secure network and ZTCA.
  5. Move Device - option to move the selected device to another group or organization. Warning: Moving devices between organizations will lose any custom policies that do not exist in the parent organization.
  6. Cancels the multiselect and clears all selected checkboxes

Once installed, the app will check in to the ThreatLocker portal every minute as long as the user keeps the app open. If the application is closed (for example, swiped away), it will continue checking in every 15 minutes, keeping its IP address up to date.

The check in history of the device can be viewed by selecting the device from the main grid, opening the sidebar, and selecting the "Check-ins" tab. In the below example, the device does not have geolocation enabled.

 

Was this article helpful?