Touch ID or Face ID with fallback to device passcode – device user perspective

You can allow device users to use Touch ID or Face ID instead of a secure apps passcode to access secure apps with the following fallback option:

• Touch ID or Face ID with fallback to device passcode

Most customers use Touch ID or Face ID with fallback to device passcode. An AppConnect passcode is not required when using Touch ID or Face ID with fallback to device passcode. With this option, the device user can do the following tasks using Mobile@Work:

• Choosing Touch ID or Face ID with fallback to device passcode to access secure apps

See Touch ID or Face ID for accessing secure apps for the administrative perspective.

Screenshots show only Touch ID, not Face ID, but Face ID behavior is similar.

Choosing Touch ID or Face ID with fallback to device passcode to access secure apps

The device user is prompted to choose whether to use Touch ID or Face ID to access secure apps when:

• On the AppConnect global policy, you have selected Use Touch ID or Face ID when supported and for When using Touch ID or Face ID, fall back to you have selected Device passcode.

• The device user has enabled the device passcode and at least one of Touch ID or Face ID.

• The device user has registered a device and then either

  • Accesses secure apps for the first time or

  • Taps Log In (to secure apps) on the Mobile@Work home screen

Mobile@Work does not present this choice on devices on which the user has not enabled both Touch ID or Face ID and the device passcode, or the device does not support Touch ID or Face ID. For those devices, Mobile@Work prompts the device user to enter a strong device passcode.

Device users choose Touch ID or Face ID

1. Mobile@Work prompts device users to choose whether to use Touch ID or Face ID to access secure apps. Device users are not prompted for an AppConnect passcode.

2. If the device users tap Yes, they are prompted for their fingerprint or Face ID.

   

3. Device users enter their Touch ID or Face ID and are logged into secure apps.

Device users use Touch ID for authenticating to secure apps, unless the device user changes the authentication method using Settings > Secure Apps > Authentication in Mobile@Work.

Device users choose passcode

1. Mobile@Work prompts device users to choose whether to use Touch ID or Face ID to access secure apps.

2. If device users tap No, they are prompted to enter a strong device passcode.

Device users use the device passcode for authenticating to secure apps, unless they change the authentication method using Settings > Secure Apps > Authentication in Mobile@Work.