Touch ID or Face ID for accessing secure apps
The option to enable Touch ID or Face ID is available in the AppConnect Device configuration or the Default iOS AppConnect configuration.
See Quick start configuration AppConnect for iOS for information on editing an AppConnect device configuration and enabling the Touch ID option. Enabling the option automatically also enables Face ID. Secure apps passcode must be enabled to enable the Touch ID option.
Enabling the Touch ID option gives the device user the convenience of using Touch ID or Face ID rather than an AppConnect passcode to access secure apps. If entering the Touch ID or Face ID fails, the user enters (falls back to) the device passcode to access secure apps.
Device user experience with Touch ID or Face ID
The following is the device user experience for a newly registered user:
- After device users register with Go, they are prompted to create an AppConnect passcode.
- After creating the AppConnect passcode, Go gives users the option to use Touch ID or Face ID to access secure apps.
- If users choose the Touch ID or Face ID option, they can use Touch ID or Face ID when accessing secure apps after the auto-lock time has expired.
- Device users can later change their choice about using Touch ID or Face ID in Go in Settings > Secure Apps > Authentication.
See also Touch ID or Face ID – device user perspective.
Security versus convenience of passcode and Touch ID or Face ID options
AppConnect security involves:
- access to AppConnect apps.
- encrypting AppConnect-related data such as app configurations and certificates.
- encrypting data that the app saves on the device.
The following table lists possible passcode and Touch ID/Face ID choices from most secure to least secure, and discusses the level of device user convenience.
In all cases, stronger passcodes are more secure than weaker passcodes (such as a 4-digit number).
Passcode and Touch ID/Face ID configuration on Ivanti Neurons for MDM |
Security of AppConnect apps |
Convenience for device user |
Require both:
|
Highest
|
Least convenient for accessing both the device and AppConnect apps. |
Require only a device passcode |
Very high Once the device is unlocked, unauthorized users can access AppConnect apps. |
Convenient for accessing AppConnect apps, but inconvenient for accessing the device. However, the device user can make accessing the device more convenient by setting up Touch ID or Face ID for unlocking the device. |
Require only an AppConnect passcode |
High Data that the app saves to the device is not encrypted unless the app uses the secure file I/O provided in the AppConnect for iOS SDK. |
Convenient for accessing the device but inconvenient for accessing AppConnect apps. |
Require both:
|
High Other device users who have added fingerprints or Face IDs, such as family members, can also access AppConnect apps. |
Very convenient for accessing both the device and AppConnect apps. |
No passcodes required |
Lowest Note the following:
|
Most convenient for accessing both the device and AppConnect apps. |