Touch ID or Face ID with fallback to AppConnect passcode – device user perspective

You can allow device users to use Touch ID or Face ID instead of a secure apps passcode to access secure apps

  • Touch ID or Face ID with fallback to AppConnect passcode

Although not the common choice, some customers use Touch ID or Face ID with fallback to AppConnect passcode when they have a compelling reason to not require a strong device passcode for device users.

Screenshots in this chapter are based on Mobile@Work 9.1 for iOS. Therefore, the screenshots show only Touch ID, not Face ID, but Face ID behavior is similar.

The overall device user experience for a newly registered user is:

  1. Choose whether to use Touch ID or Face ID.

  2. Use Touch ID or Face ID when the auto-lock time expires

    When the auto-lock time has expired, and device users can use Touch ID or Face ID when re-accessing secure apps.

  3. Change whether to use Touch ID or Face ID.

    Device users can later change their choice about using Touch ID or Face ID:

See also: Touch ID or Face ID for accessing secure apps for the administrative perspective.

Choose whether to use Touch ID or Face ID

After creating the AppConnect passcode, Mobile@Work gives device users the choice to use Touch ID or Face ID with fallback to the AppConnect passcode, or to use only the AppConnect passcode for accessing secure apps. However, Mobile@Work gives this choice only if the device user has already done the following in the device’s Settings > Touch ID & Passcode:

  • Turned on the device passcode.

  • Enabled Touch ID or Face ID on the device.

Figure 1. Touch ID or Face ID prompt

If device users tap

  • Yes, they will use Touch ID or Face ID when re-accessing secure apps after the auto-lock time expires. In all other cases for accessing secure apps, they will enter the AppConnect passcode. These other cases include, for example, the first time an AppConnect app is launched or when the user logs out of secure apps in Mobile@Work.

  • No, they will use the AppConnect passcode for all further authentications to secure apps.

 

Use Touch ID or Face ID when the auto-lock time expires

Mobile@Work displays the following prompt for Touch ID or Face ID when device users attempt to re-access secure apps and the auto-lock time has expired.

If Touch ID or Face ID authentication fails, device users are prompted to try again and given the option to use (fallback to) the secure apps passcode:

Tapping Use Secure Apps passcode causes Mobile@Work to prompt the device user for the secure apps passcode. Tapping Cancel terminates the operation.

Changing from secure apps passcode to Touch ID or Face ID

Device users can change the authentication method for accessing secure apps to Touch ID or Face ID when both of the following are true:

  • You have selected Use Touch ID or Face ID when supported on the AppConnect global policy.

  • Device users have enabled the device passcode and at least one of Touch ID or Face ID.

To change from secure apps passcode to Touch ID or Face ID, in Mobile@Work:

  1. Navigate to Settings > Secure Apps > Authentication.

  2. Tap Enable Touch ID.

Device users use Touch ID or Face ID for all further authentications to secure apps, unless they change the authentication method using Settings > Secure Apps > Authentication in Mobile@Work.

Changing from Touch ID or Face ID to secure apps passcode

Device users can change the authentication method for accessing secure apps to the secure apps passcode using the following steps in Mobile@Work:

  1. Navigate to Settings > Secure Apps > Authentication.

  2. Tap Disable Touch ID.

  3. Enter a new secure apps passcode and tap Done.

  4. Reenter the new passcode and tap Done.

Device users use the secure apps passcode for all further authentication to secure apps, unless they change the authentication method using Settings > Secure Apps > Authentication in Mobile@Work.