Touch ID or Face ID with fallback to AppConnect passcode -- device user perspective
You can allow the device user to use Touch ID/Face ID instead of a secure apps passcode to access secure apps. Two options are available:
| • | Touch ID or Face ID with fallback to device passcode |
| • | Touch ID or Face ID with fallback to AppConnect passcode |
Although not the common choice, some customers use Touch ID or Face ID with fallback to AppConnect passcode when they have a compelling reason to not require a strong device passcode for device users.
| NOTE: | Screenshots in this chapter are based on Mobile@Work 9.1 for iOS. Therefore, the screenshots show only Touch ID, not Face ID, but Face ID behavior is similar. |
The overall device user experience for a newly registered user is:
| 1. | The device user creates an AppConnect passcode |
After the device user registers with Mobile@Work, Mobile@Work prompts the device user to create an AppConnect passcode.
| 2. | The device user chooses whether to use Touch ID/Face ID. |
After creating the AppConnect passcode, Mobile@Work gives the user the option to use Touch ID or Face ID to access secure apps
| 3. | The device user uses Touch ID/Face ID when the auto-lock time expires |
When the auto-lock time has expired, and the device user can use Touch ID or Face ID when re-accessing secure apps.
| 4. | The device user changes Touch ID/Face ID choice |
The device user can later use Mobile@Work settings to change his choice about using Touch ID/Face ID.
See also: Touch ID or Face ID for accessing secure apps for the administrative perspective.
The device user creates an AppConnect passcode
Mobile@Work prompts the device user to create an AppConnect passcode when the device user has registered a device and then either:
| • | Accesses secure apps for the first time or |
| • | Taps Log In (to secure apps) on the Mobile@Work home screen |
The device user chooses whether to use Touch ID/Face ID
| NOTE: | Screenshots in this chapter are based on Mobile@Work 9.1 for iOS. Therefore, the screenshots show only Touch ID, not Face ID, but Face ID behavior is similar. |
After creating the AppConnect passcode, Mobile@Work gives the device user the choice to use Touch ID or Face ID with fallback to the AppConnect passcode, or to use only the AppConnect passcode for accessing secure apps. However, Mobile@Work gives this choice only if the device user has already done the following in the device’s Settings > Touch ID & Passcode:
| • | Turned on the device passcode. |
| • | Enabled Touch ID on the device, and created a fingerprint. |
If the device user has taken these actions, Mobile@Work displays the following:
If the device user taps
| • | Yes, he will use Touch ID/Face ID when re-accessing secure apps after the auto-lock time expires. In all other cases for accessing secure apps he will enter the AppConnect passcode. These other cases include, for example, the first time an AppConnect app is launched or when the user logs out of secure apps in Mobile@Work. |
| • | No, he will use the AppConnect passcode for all further authentications to secure apps. |
The device user uses Touch ID/Face ID when the auto-lock time expires
| NOTE: | Screenshots in this chapter are based on Mobile@Work 9.1 for iOS. Therefore, the screenshots show only Touch ID, not Face ID, but Face ID behavior is similar. |
When the auto-lock time has expired, and the device user attempts to re-access secure apps, Mobile@Work displays the following:
The device user enters the Touch ID or Face ID to access secure apps. If entering the Touch ID or Face ID fails, the device user is prompted to try again, and given the option to use (fallback to) the secure apps passcode:
| NOTE: | Tapping either Cancel or Use Secure Apps passcode causes Mobile@Work to prompt the device user for the secure apps passcode. |
The device user changes Touch ID/Face ID choice
| NOTE: | Screenshots in this chapter are based on Mobile@Work 9.1 for iOS. Therefore, the screenshots show only Touch ID, not Face ID, but Face ID behavior is similar. |
The device user can change the choice to use Touch ID using Settings > Secure Apps > Authentication in Mobile@Work.
For example, if the device user is using Touch ID or Face ID, the screen displays the following:
If the device user taps Disable Touch ID, Mobile@Work will prompt for the secure apps passcode for all further access to secure apps.
To enable Touch ID/Face ID later, the device user can again navigate to Settings > Secure Apps > Authentication and tap Enable Touch ID.
