Touch ID or Face ID – device user perspective

You can allow device users to use Touch ID or Face ID instead of a secure apps passcode to access secure apps. A secure apps passcode is not required when using Touch ID or Face ID.

Screenshots in this chapter show only Touch ID, not Face ID, but Face ID behavior is similar.

Device users are prompted to choose whether to use Touch ID or Face ID to access secure apps when:

• If the Touch ID option is enabled in the AppConnect Device configuration or the Default iOS AppConnect configuration.
• The device user has enabled the device passcode and at least one of Touch ID or Face ID.
• The device user has registered a device and then either
  • Accesses secure apps for the first time or
  • Taps Log In (to secure apps) on the MobileIron Go home screen

MobileIron Go does not present this choice on devices on which the user has not enabled both Touch ID or Face ID and the device passcode, or the device does not support Touch ID or Face ID. For those devices, MobileIron Go prompts the device user to enter a secure apps passcode.

See Touch ID or Face ID for accessing secure apps for the administrative perspective.

The overall device user experience for a newly registered user is:

1. Choose whether to use Touch ID or Face ID.

   Mobile@Work prompts device users to choose whether to use Touch ID or Face ID to access secure apps. Device users are not prompted for a secure apps passcode.

2. Use Touch ID or Face ID when the auto-lock time expires

   When the auto-lock time has expired, and device users can use Touch ID or Face ID when re-accessing secure apps.

3. Change whether to use Touch ID or Face ID.

   Device users can later change their choice about using Touch ID or Face ID:

   • Changing from secure apps passcode to Touch ID or Face ID

   • Changing from Touch ID or Face ID to secure apps passcode

See also: Touch ID or Face ID for accessing secure apps for the administrative perspective.

Choose whether to use Touch ID or Face ID

MobileIron Go gives device users the choice to use Touch ID or Face ID. However, MobileIron Go gives this choice only if the device user has already done the following in the device’s Settings > Touch ID & Passcode:

• Turned on the device passcode.

• Enabled Touch ID on the device.

Touch ID or Face ID prompt

If device users tap

• Yes, they will use Touch ID or Face ID when re-accessing secure apps after the auto-lock time expires. In all other cases for accessing secure apps, they will enter the secure apps passcode. These other cases include, for example, the first time an AppConnect app is launched or when the user logs out of secure apps in Go.

• No, they are prompted to create a secure apps passcode. They will use the secure apps passcode for all further authentications to secure apps.

Use Touch ID or Face ID when the auto-lock time expires

Go displays the following prompt for Touch ID or Face ID when device users attempt to re-access secure apps and the auto-lock time has expired.

If Touch ID or Face ID authentication fails, device users are prompted to try again and given the option to use (fallback to) the secure apps passcode:

Tapping either Cancel or Use Secure Apps passcode causes MobileIron Go to prompt the device user for the secure apps passcode.

Changing from secure apps passcode to Touch ID or Face ID

Device users can change the authentication method for accessing secure apps to Touch ID or Face ID when both of the following are true:

• If the Touch ID option is enabled in the AppConnect Device configuration or the Default iOS AppConnect configuration.

• Device users have enabled the device passcode and at least one of Touch ID or Face ID.

To change from secure apps passcode to Touch ID or Face ID, in Go:

1. Navigate to Settings > Secure Apps > Authentication.

   

2. Tap Enable Touch ID.

   Users see the following prompt to authenticate only if they were not already authenticated.

   

   If users are already authenticated, they are prompted use Touch ID or Face ID.

   

Device users continue to use Touch ID or Face ID for all further authentications to secure apps, unless they change the authentication method using Settings > Secure Apps > Authentication in Go.

Changing from Touch ID or Face ID to secure apps passcode

Device users can change the authentication method for accessing secure apps to the secure apps passcode using the following steps in Go:

1. Navigate to Settings > Secure Apps > Authentication.

   

2. Tap Disable Touch ID.

   Users see the following prompt to authenticate only if they were not already authenticated.

   

   If users are already authenticated, they are prompted to enter a new secure apps passcode.

   

3. Enter a new secure apps passcode and tap Done.

   

4. Reenter the new passcode and tap Done.

Device users continue to use the secure apps passcode for all further authentication to secure apps, unless they change the authentication method using Settings > Secure Apps > Authentication in Go.