When an external vendor attempts to log in to CyberArk’s web portal, Remote Access displays a one-time, short-lived QR code on their workstation. Using the Remote Access mobile app, the user scans the QR code and simultaneously authenticates their identity by means of facial or fingerprint recognition. If both the QR code and the biometric data are approved, the remote user is granted secure access to the CyberArk web portal and authorised to access critical systems from their workstation. The web browser session is isolated, and credentials are never shared with the end user’s workstation when they enter into critical IT systems for regular work, maintenance, or otherwise. The session is encrypted end-to-end.