Configuring biometrics authentication for the PingID mobile app
Allow users to authenticate using their fingerprint or Face ID.
Steps
- In the PingID admin portal, go to Setup → PingID → Configuration, and in the Mobile App Authentication section, go to the DEVICE BIOMETRICS section.
- Enable or require device biometrics:
  Choose from:
  - Disable: Disable device biometrics. Users are not able to authenticate using their device biometrics.
  - Enable: Enable users to authenticate with their device biometrics.
  - Require: Force users to authenticate with their device biometrics. Users with devices that do not support biometrics are prompted to authenticate using swipe authentication.
    If a user’s mobile device supports biometrics, but they have not configured biometrics authentication on their device, they cannot sign on. The user receives an Authentication Error message on their mobile device and a Canceled message on their web browser.
- In the Enable On section, select the check box for each operating system on which you want to enable biometrics (iOS, Android).
  If biometrics authentication is disabled for an operating system, or the device does not support biometrics, the standard swipe method of authentication is used.
- Optional: By default, iOS device users are only asked to authorize the use of Face ID for PingID authentication when pairing PingID with their device. To prevent users from inadvertently authenticating using Face ID if their phone is unlocked, force users to explicitly approve a Face ID consent notification.
  This option is available on devices with the PingID mobile app 1.10.0 and later, and Face ID enabled.
  - To enable Face ID consent, in the Device Biometrics section, click either Enable or Require.
  - Click iOS.
  - In the Face ID Consent field, click Enable.
- If you select Require in the Device Biometrics section, in the Notification Actions section, select one of the following options:
  Choose from:
  - Disable: Disable notification actions for PingID mobile app. The user is unable to approve or deny PingID mobile app authentication requests from the locked screen:
    - Android: The user cannot swipe down on the notification banner, and the Approve or Deny buttons are not available.
    - iOS: The user cannot see alternative actions when swiping to the left on the notification banner.
  - Enable: Enable notification actions for PingID mobile app. The user can approve or deny PingID mobile app authentication requests from within the notification message on their locked screen. This is the default selection.
    - Android: When the screen is locked, the user might receive a notification to authenticate, depending on the mobile device’s notification configuration. When swiping down on the notification banner, the user can select the Approve or Deny buttons.
    - iOS: The user receives a notification banner and can swipe to the left on the notification banner to see the Approve and Deny buttons.
- To prevent users from bypassing the required biometrics authentication and using the passcode fallback on the mobile app, configure the Device Passcode Fallback field.
  If biometrics authentication fails, by default, the user falls back to the device’s passcode to authenticate.
  This configuration is only relevant to iOS when the following conditions apply:
  - Device Biometrics is set to Require.
  - iOS is selected.
  - Notification Actions is set to Disable.

  Choose from:

  - Disable: When the Disable option is selected, users are prevented from using the passcode fallback and cannot bypass the required biometrics authentication on the application.
    - Only users with biometrics defined on their device, such as fingerprints or face scan, can authenticate successfully.
    - If the authentication is unsuccessful, users can retry up to the maximum number of retries permitted by the OS. This is not configurable.
    - If all retries are unsuccessful, access is denied, and a notification is displayed on both the accessing device browser and the mobile app.
  - Enable: When the Enable option is selected, and biometrics authentication fails, the user can use the device’s passcode to authenticate with PingID. This is the default selection.

  - PingID 1.6.4 and later support device passcode fallback.
  - Mobile device management (MDM) can be used to prevent the user from updating the mobile lock abilities, or adding other users' fingerprints to a mobile device.
  - If there are users who have installed the mobile app before this setting was applied, the settings apply the next time the user is online.
- Click Save.
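
The settings in these steps depend on one another, so a policy can be reviewed for the sign-on paths it still leaves open. The following Python check is an added example, not Ping Identity code: the field names are hypothetical and mirror the portal labels, and the rules encode only what the steps above state. It covers the policy settings, not what an individual device supports.

```python
# Added example, not Ping Identity code. Field names are hypothetical and
# mirror the admin portal labels; they are not a PingID API or export format.
from dataclasses import dataclass


@dataclass
class BiometricsPolicy:
    device_biometrics: str                # Disable | Enable | Require
    enable_on: set                        # subset of {"iOS", "Android"}
    face_id_consent: bool = False         # iOS only; off unless enabled
    notification_actions: str = "Enable"  # Enable is the default selection
    passcode_fallback: str = "Enable"     # Enable is the default selection


def audit(p: BiometricsPolicy, os_name: str) -> list:
    """List the sign-on paths for os_name that do not force biometrics."""
    if p.device_biometrics == "Disable" or os_name not in p.enable_on:
        return ["swipe: biometrics is off for this OS, standard swipe is used"]
    findings = []
    if p.device_biometrics == "Enable":
        findings.append("not-forced: only Require forces biometrics")
    elif p.notification_actions == "Enable":
        findings.append("lock-screen: requests can be approved from the notification")
    elif os_name == "iOS" and p.passcode_fallback == "Enable":
        # Only relevant with Require + iOS selected + Notification Actions Disable.
        findings.append("passcode: failed biometrics falls back to device passcode")
    if os_name == "iOS" and not p.face_id_consent:
        findings.append("face-id: Face ID consent notification is not forced")
    return findings


# Constructed policies: Require with every other field left at its default,
# and Require with each optional restriction from the steps switched on.
DEFAULTS = BiometricsPolicy("Require", {"iOS", "Android"})
STRICT = BiometricsPolicy("Require", {"iOS", "Android"}, True, "Disable", "Disable")

if __name__ == "__main__":
    for name, policy in (("defaults", DEFAULTS), ("strict", STRICT)):
        for os_name in ("iOS", "Android"):
            print(name, os_name, audit(policy, os_name) or "no findings")
```
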
Samsung Galaxy S5 devices have a known bug that can cause fingerprint data to become corrupted, preventing PingID from launching properly. Specifically:
- The data corruption issue is a device problem (not a bug in PingID) as can be seen from sites such as: https://gs5.gadgethacks.com/how-to/4-ways-fix-your-galaxy-s5-s-dysfunctional-fingerprint-scanner-0158909/
- If biometrics authentication is configured by the administrator for the organization, S5 device owners may experience a PingID launch problem due to fingerprint data corruption. This may occur even if the S5 devices were not configured for fingerprint support.
The following tables describe the user experience according to the operating system and configuration setting combination.

Biometrics configured on device | State | Disable notification actions | Banner actions on locked screen | Banner actions on unlocked screen | User swipes banner right on locked screen | User presses (taps) banner on unlocked screen |
---|---|---|---|---|---|---|
Yes | Enabled | N/A (There is no option to change this in the UI.) | | Swipe the banner down to display the Approve and Deny buttons. When approved, authentication completes. No biometrics are required. | Unlock with Touch ID or passcode. When approved, the PingID app opens and requests biometrics authentication. | The PingID app opens and requests biometrics authentication. |
Yes | Required | Disabled (Checked) | | | The PingID app opens and requests biometrics authentication. | The PingID app opens and requests biometrics authentication. |
Yes | Required | Enabled (Unchecked) | | Swipe the banner down to display the Approve and Deny buttons. When approved, authentication completes. | The PingID app opens and requests biometrics authentication. | The PingID app opens and requests biometrics authentication. |
Not configured / Not supported | Enabled | N/A | | Swipe the banner down to display the Approve and Deny buttons. When approved, authentication completes. | Unlock with passcode. When approved, the PingID app opens and requests swipe authentication. | The PingID app opens and requests swipe authentication. |
Not configured / Not supported | Required | Disabled (Checked) | There is no swipe left option. | | Unlock with passcode. When approved, the PingID app opens and displays an error. | The PingID app displays an error. |
Not configured / Not supported | Required | Enabled (Unchecked) | | Swipe the banner down to display the Approve and Deny buttons. When approved, the PingID app displays an error. | Unlock with passcode. When approved, the PingID app opens and displays an error. | The PingID app displays an error. |

Fingerprint configured on device | State | Disable notification actions | Banner actions on locked screen | Banner actions on unlocked screen | User taps on banner on locked screen |
---|---|---|---|---|---|
Yes | Enabled | N/A | Show content:<br>Hide content:<br>Do not show notifications: | The PingID app opens and requests fingerprint authentication. | |
Yes | Required | Disabled (Checked) | Show content:<br>Hide content:<br>Do not show notifications: | The PingID app opens and requests fingerprint authentication. | |
Yes | Required | Enabled (Unchecked) | Show content:<br>Hide content:<br>Do not show notifications: | The PingID app opens, requesting fingerprint authentication. | The PingID app opens and requests fingerprint authentication. |
Not configured / Not supported | Enabled | N/A | | | The PingID swipe screen is displayed. |
Not configured / Not supported | Required | Disabled (Checked) | Show content:<br>Hide content:<br>Do not show notifications: | The PingID app displays an error. | The PingID app displays an error. |
Not configured / Not supported | Required | Enabled (Unchecked) | Show content:<br>Hide content:<br>Do not show notifications: | The PingID app displays an error. | The PingID app displays an error. |