Is Hypergate Authenticator a native Android application?

Yes. Hypergate Authenticator is a native Android Enterprise application that uses Android’s standard Account Manager API to provide Kerberos single sign-on across the device. It is not a wrapper, a web app, or a third-party shim around an unsupported feature. On iOS, Hypergate Authenticator integrates with Apple’s built-in Kerberos extension, providing the same authentication model on both platforms.

How Hypergate integrates with Android

Hypergate Authenticator registers as a system account type using the Android Accounts API. This is the same framework Google’s own apps use to add account types to the device. From the operating system’s perspective, Hypergate is a first-class authenticator, not an external add-on.

Applications such as Google Chrome request Kerberos tickets through standard Android mechanisms. Chrome’s managed configuration includes a field called AuthAndroidNegotiateAccountType, which points to Hypergate. When Chrome encounters a server that requires Kerberos authentication, it asks Hypergate for a ticket through the platform’s own APIs.

SPNEGO challenges from intranet servers are handled transparently. Once Hypergate Authenticator is configured, the user does not interact with it during normal use. Authentication happens silently in the background.

What “native” means in this context

Android Enterprise does not include a built-in Kerberos client in the operating system itself, the way Windows or iOS do. However, Android exposes a public API for adding account types and authenticators, and Hypergate Authenticator implements that API the way it was designed to be implemented. From an architectural standpoint, Hypergate is a native Kerberos client for Android — built using the platform’s own primitives, not bolted on through workarounds.

What about iOS?

Apple iOS includes a built-in Kerberos extension as part of the operating system. Hypergate Authenticator for iOS uses this native extension, providing the same single sign-on behaviour as the Android version. Customers running mixed Android and iOS fleets get one consistent authentication model across both platforms, configured through the same EMM and connecting to the same on-premises Active Directory.

Frequently asked questions

Does Hypergate require modifications to Android?

No. Hypergate Authenticator runs on standard Android Enterprise devices using public APIs that are part of the Android platform. No custom ROM, no rooting, and no modifications to the operating system are required. The application is deployed and configured through your existing EMM, the same way any other managed application is delivered.

Does Hypergate work in the Android Enterprise work profile?

Yes. Hypergate Authenticator supports all Android Enterprise deployment scenarios, including work profile, fully managed devices, and dedicated devices. Within the work profile, Hypergate provides Kerberos single sign-on to managed applications without affecting the personal side of the device.

Which apps can use Hypergate for single sign-on?

Any application that uses standard SPNEGO or Kerberos authentication mechanisms on Android can use Hypergate. This includes Google Chrome for intranet browsing, Microsoft applications, and internal business apps that authenticate against Active Directory. Applications that use Custom Chrome Tabs for authentication are also supported. No application-side integration work is needed for apps that already follow the platform’s authentication standards.

Is Hypergate compatible with Google Chrome on Android?

Yes. Google Chrome on Android supports Kerberos authentication through a managed configuration field that points to a Kerberos authenticator on the device. When Chrome is configured to use Hypergate as the negotiate account type, intranet sites that require Kerberos authentication are accessed seamlessly. The user does not see a login prompt for resources their Kerberos ticket already covers.