Touch ID or Face ID with fallback to device passcode -- device user perspective

You can allow the device user to use Touch ID/Face ID instead of a secure apps passcode to access secure apps. Two options are available:

Touch ID or Face ID with fallback to device passcode
Touch ID or Face ID with fallback to AppConnect passcode

Most customers use Touch ID or Face ID with fallback to device passcode. With this option, the device user can do the following tasks using Mobile@Work:

Choosing Touch ID or Face ID with fallback to device passcode to access secure apps
Changing from secure apps passcode to Touch ID/Face ID to access secure apps
Changing from Touch ID/Face ID to secure apps passcode to access secure apps

See also: Touch ID or Face ID for accessing secure apps for the administrative perspective.

NOTE: Screenshots in this chapter are based on Mobile@Work 9.1 for iOS. Therefore, the screenshots show only Touch ID, not Face ID, but Face ID behavior is similar.

Choosing Touch ID or Face ID with fallback to device passcode to access secure apps

The device user is prompted to choose whether to use Touch ID or Face ID to access secure apps when:

On the AppConnect global policy, you have selected Use Touch ID or Face ID when supported and for When using Touch ID or Face ID, fall back to you have selected Device passcode.
The device user has enabled the device passcode and at least one of Touch ID or Face ID.
The device user has registered a device and then either
- Accesses secure apps for the first time or
- Taps Log In (to secure apps) on the Mobile@Work home screen

Note The Following:  

Mobile@Work does not present this choice on devices on which the user has not enabled both Touch ID/Face ID and the device passcode, or the device does not support Touch ID/Face ID. For those devices, Mobile@Work prompts the device user to enter a new secure apps passcode.
Screenshots in this chapter are based on Mobile@Work 9.1 for iOS. Therefore, the screenshots show only Touch ID, not Face ID, but Face ID behavior is similar.

The device user chooses Touch ID/Face ID

1. Mobile@Work prompts the device user to choose whether to use Touch ID/Face ID to access secure apps.
2. If the device user taps Yes, he is prompted for his fingerprint or Face ID.

3. The device user enters the Touch ID or Face ID and is logged into secure apps.

The device user will use Touch ID for all further authentications to secure apps, unless the device user changes the authentication method using Settings > Secure Apps > Authentication in Mobile@Work.

The device user chooses passcode

1. Mobile@Work prompts the device user to choose whether to use Touch ID or Face ID to access secure apps.
2. If the device user taps No, he is prompted to create a secure apps passcode.

3. The device user enters a new secure apps passcode.

4. The device user reenters the new passcode.

The device user will use the secure apps passcode for all further authentication to secure apps, unless the device user changes the authentication method using Settings > Secure Apps > Authentication in Mobile@Work.

Changing from secure apps passcode to Touch ID/Face ID to access secure apps

The device user can change the authentication method for accessing secure apps to Touch ID/Face ID when both of the following are true:

You have selected Use Touch ID or Face ID when supported on the AppConnect global policy.
The device user has enabled the device passcode and at least one of Touch ID or Face ID.
NOTE: Screenshots in this chapter are based on Mobile@Work 9.1 for iOS. Therefore, the screenshots show only Touch ID, not Face ID, but Face ID behavior is similar.

The device user does the following in Mobile@Work:

1. The device user navigates to Settings > Secure Apps > Authentication.

2. The device user taps Enable Touch ID.

3. The device user enters the secure apps passcode to confirm the change to using Touch ID/Face ID, and taps Done.

4. The device user enters the Touch ID or Face ID.

The device user will use Touch ID or Face ID for all further authentications to secure apps, unless the device user changes the authentication method using Settings > Secure Apps > Authentication in Mobile@Work.

Changing from Touch ID/Face ID to secure apps passcode to access secure apps

The device user can change the authentication method for accessing secure apps to the secure apps passcode using the following steps in Mobile@Work:

1. The device user navigates to Settings > Secure Apps > Authentication.

2. The device user taps Disable Touch ID.

3. The device user enters the Touch ID or Face ID to confirm the change to using a secure apps passcode.

4. The device user enters a new secure apps passcode and clicks Done.

5. The device user reenters the new passcode and clicks Done.

The device user will use the secure apps passcode for all further authentication to secure apps, unless the device user changes the authentication method using Settings > Secure Apps > Authentication in Mobile@Work.