Skip to content
English
More support
Contact us
  • There are no suggestions because the search field is empty.

KeyOnTheGo Key Assignment 

What is KeyOnTheGo?

KeyOnTheGo is a mobile key assignment workflow in portier®VISION that allows keys to be assigned to a person and digitally confirmed via a mobile app using a QR code and signature.

How is a key assigned to a person?

In portier®VISION, a key is assigned to a specific person (key holder). The assignment is created by an administrator in the system.

How is the QR code generated?

After the key assignment is created, portier®VISION 5 generates a QR code for that specific assignment.

Who scans the QR code?

The key holder opens the Portier mobile app and scans the QR code.
Typically, this happens immediately after the administrator creates the assignment.

How does the mobile app connect?

  • Online (internet mode):
    The mobile app connects to the Portier cloud via the internet.
  • Local mode:
    The mobile device must be on the same local network as the portier system. No internet connection is required.

What information is shown to the key holder?

Before signing, the app displays:

  • Name
  • Staff ID
  • Key number

This ensures the key holder can clearly see and confirm what they are signing for.

How is the signature captured?

The key holder signs directly on the mobile phone within the Portier app.

Where is the signature stored?

The signature is stored temporarily in the Portier cloud so it can be retrieved by the client system.

How is the signature retrieved?

An internal client (for example, portier®VISION or a VCA / Citrix client) actively retrieves the signature from the cloud.

What happens after retrieval?

The signature is:

  1. Retrieved by portier®VISION using authenticated access
  2. Passed to the local KeyOnTheGo service
  3. Stored permanently within the local portier system

Cloud, Data Location, and Security

Where is the data stored?

All temporary KeyOnTheGo data stored in the cloud is hosted on the German Microsoft Azure Cloud, operated by portier Global.
The data remains exclusively within Germany.

What role does the Portier cloud play?

The Portier cloud acts as a temporary intermediary only.
It is not used as permanent storage.

What data is stored in the cloud, and for how long?

The following data is stored temporarily:

  • Name
  • Staff ID
  • Key number(s)

The maximum retention period in the cloud is one month.
After retrieval, permanent storage takes place only in the customer’s local portier system.

Is the solution GDPR compliant?

Yes. The KeyOnTheGo process is designed to comply with GDPR requirements:

  • Cloud hosting is located in Germany (EU jurisdiction)
  • Only the minimum necessary personal data is processed
  • Data storage in the cloud is time-limited (maximum one month)
  • Permanent storage occurs locally, under customer control
  • Access to cloud data is restricted and authenticated
  • No personal data is embedded in the QR code itself

This supports GDPR principles such as data minimization, purpose limitation, and limited retention.

QR Code and Access Control

How long is a QR code valid?

A QR code is valid for up to one month.
It can technically be scanned multiple times, but it is used only once by portier®VISION. Any later updates to the assignment do not affect the original QR code.

Does the QR code contain personal data?

No.
The QR code contains only a reference with a token, not personal data.

Who is allowed to retrieve the signature?

Only portier®VISION is allowed to retrieve the signature.
Access is secured via authenticated requests.

Is the KeyOnTheGo service accessible via HTTP or HTTPS?

  • Cloud communication: HTTPS
  • Local network communication: HTTP

How does the mobile app authenticate itself?

Authentication is performed using a combination of request ID and token embedded in the QR code.

Can any device send signatures to port 1233?

Only devices that:

  • Scan a valid QR code
  • Use the official Portier mobile app

are able to submit signatures.

How is it ensured that manipulated or foreign signatures are not accepted?

  • Each request is validated using a strong request ID and token combination
  • Foreign or invalid data is automatically rejected
  • Any unexpected signature can be reviewed and validated manually by a human