Allow users to authenticate using their fingerprint or Face ID.
-
In the PingID admin portal, go to Setup > PingID > Configuration, and in the Mobile App Authentication section,
go to the DEVICE BIOMETRICS section.
-
Enable or to require device biometrics:
- Disable: Disable device biometrics. Users are not able to authenticate using their device biometrics.
- Enable: Enable users to authenticate with their device biometrics.
- Require: Force users to authenticate with their device biometrics. Users with devices that do not support biometrics are prompted to authenticate using swipe authentication.
Note:If a user's mobile device supports biometrics, but they have not configured biometrics authentication on their device, they cannot sign on. The user receives an Authentication Error message on their mobile device and a Canceled message on their web browser.
-
In the Enable On section, select the check box for each
operating system on which you want to enable biometrics (iOS,
Android).
Note:
If biometrics authentication is disabled for an operating system, or the device does not support biometrics, the standard swipe method of authentication is used.
- Optional:
By default, iOS device users are only asked to authorize the use of Face ID for
PingID authentication when pairing PingID with their device. To prevent users
inadvertently authenticating using Face ID if their phone is unlocked, force users to
explicitly approve a Face ID consent notification.
Note:
This option is available on devices with the PingID mobile app 1.10.0 and later, and Face ID enabled.
- To enable Face ID consent, in the Device Biometrics section, click either Enable or Require.
- Click iOS.
- In the Face ID Consent field, click Enable.
-
If you select Require in the Device
Biometrics section, in the Notification Actions
section, select one of the following options:
- Disable: Disable notification actions for PingID
mobile app. The user is unable to approve or deny PingID mobile app authentication
requests from the locked screen:
- Android: The user cannot swipe down on the notification banner, and the Approve or Deny buttons are not available.
- iOS: The user cannot see alternative actions when swiping to the left on the notification banner.
- Enable: Enable notification actions for PingID mobile
app. The user can approve or deny PingID mobile app authentication requests from
within the notification message on their locked screen. This is the default
selection.
- Android: When the screen is locked, the user might receive a notification to authenticate, depending on the mobile device's notification configuration. When swiping down on the notification banner, the user can select the Approve or Deny buttons.
- iOS: The user receives a notification banner and can swipe to the left on the notification banner to see the Approve and Deny buttons.
- Disable: Disable notification actions for PingID
mobile app. The user is unable to approve or deny PingID mobile app authentication
requests from the locked screen:
-
To prevent users from bypassing the required biometrics authentication and using
the passcode fallback on the mobile app, configure the Device Passcode
Fallback field.
If biometrics authentication fails, by default, the user falls back to the device's passcode to authenticate.
Note:This configuration is only relevant to iOS when the following conditions apply:
- Device Biometrics is set to Require.
- iOS is selected.
- Notification Actions is set to Disable.
-
Disable: When the Disable option is
selected, users are prevented from using the passcode fallback and cannot bypass
the required biometrics authentication on the application.
- Only users with biometrics defined on their device, such as fingerprints or face scan, can authenticate successfully.
- If the authentication is unsuccessful, users can retry up to the maximum number of retries permitted by the OS. This is not configurable.
- If all retries are unsuccessful, access is denied, and a notification is displayed on both the accessing device browser and the mobile app.
- Enable: When the Enable option is selected, and biometrics authentication fails, the user can use the device's passcode to authenticate with PingID. This is the default selection.
Important:- PingID 1.6.4 and later support device passcode fallback.
- Mobile device management (MDM) can be used to prevent the user from updating the mobile lock abilities, or adding other users' fingerprints to a mobile device.
- If there are users who have installed the mobile app before this setting was applied, the settings apply the next time the user is online.
-
Click Save.
Note:Samsung Galaxy S5 devices have a known bug that can cause fingerprint data to become corrupted, preventing PingID from launching properly. Specifically:
- The data corruption issue is a device problem (not a bug in PingID) as can be seen from sites such as: https://gs5.gadgethacks.com/how-to/4-ways-fix-your-galaxy-s5-s-dysfunctional-fingerprint-scanner-0158909/
- If biometrics authentication is configured by the administrator for the organization, S5 device owners may experience a PingID launch problem due to fingerprint data corruption. This may occur even if the S5 devices were not configured for fingerprint support.
The following tables describe the user experience according to the operating system and configuration setting combination.
Cases Matrix for iPhone iOS 8+ Devices Biometrics configured on device State Disable notification actions Banner actions on locked screen Banner actions on unlocked screen User swipes banner right on locked screen User presses (taps) banner on unlocked screen Yes
Enabled
N/A (There is no option to change this in the UI.)
- Swipe left.
The Deny and Approve buttons are displayed.
- When approved, unlock with Touch ID or passcode.
Swipe the banner down to display the Approve and Deny buttons.
When approved, authentication completes. No biometrics are required.
Unlock with Touch ID or passcode.
When approved, the PingID app opens and requests biometrics authentication.
The PingID app opens and requests biometrics authentication.
Yes
Required
Disabled (Checked)
- There is no swipe left option.
- The user must open the app and use biometrics authentication.
- Banner display only.
- No actions.
The PingID app opens and requests biometrics authentication.
The PingID app opens and requests biometrics authentication.
Yes
Required
Enabled (Unchecked)
- Swipe left.
The Deny and Approve buttons are displayed.
- Once approved, unlock with Touch ID or passcode.
Swipe the banner down to display the Approve and Deny buttons.
When approved, authentication completes.
The PingID app opens and requests biometrics authentication.
The PingID app opens and requests biometrics authentication.
Not configured / Not supported
Enabled
N/A
- Swipe left.
- The Deny and Approve buttons are displayed.
- When 'approved', unlock with passcode.
Swipe the banner down to display the Approve and Deny buttons.
When approved, authentication completes.
Unlock with passcode.
When approved, the PingID app opens and requests swipe authentication.
The PingID app opens and requests swipe authentication.
Not configured / Not supported
Required
Disabled (Checked)
There is no swipe left option.
- Banner display only.
- No actions.
Unlock with passcode.
When approved, the PingID app opens and displays an error.
The PingID app displays an error.
Not configured / Not supported
Required
Enabled (Unchecked)
- Swipe left.
The Deny and Approve buttons are displayed.
- Once approved, unlock with passcode.
- The PingID app displays an error.
Swipe the banner down to display the Approve and Deny buttons.
When approved, the PingID app displays an error.
Unlock with passcode.
When approved, the PingID app opens and displays an error.
The PingID app displays an error.
Cases Matrix for Android 5.0+ Devices Fingerprint configured on device State Disable notification actions Banner actions on locked screen Banner actions on unlocked screen User taps on banner on locked screen Yes
Enabled
N/A
Show content:
- A notification is displayed.
- Swipe down to display the Deny and Approve buttons.
- When approved, the user is prompted to unlock the device using fingerprint, and authentication completes.
Hide content:
- Displays a notification without the Deny and Approve buttons.
- Tap the notification to reach the prompt to unlock.
- When unlocked, the PingID app opens, requesting fingerprint authentication.
Do not show notifications:
- Lights the screen and sounds a beep.
- Unlock the device.
- The PingID app opens, requesting fingerprint authentication.
The PingID app opens and requests fingerprint authentication.
- The user is prompted to unlock the device.
- When unlocked, the PingID app opens and requests fingerprint authentication.
Yes
Required
Disabled (Checked)
Show content:
- Displays a notification without the Deny and Approve buttons.
- Tap the notification to reach the prompt to unlock.
- fingerprint
Hide content:
- Displays a notification without the Deny and Approve buttons.
- Tap the notification to reach the prompt to unlock.
- When unlocked, the PingID app opens, requesting fingerprint authentication.
Do not show notifications:
- Lights the screen and sounds a beep.
- Unlock the device.
- The PingID app opens, requesting fingerprint authentication.
The PingID app opens and requests fingerprint authentication.
- The user is prompted to unlock the device.
- When unlocked, the PingID app opens and requests fingerprint authentication.
Yes
Required
Enabled (Unchecked)
Show content:
- A notification is displayed.
- Swipe down to display the Deny and Approve buttons.
- When approved, the user is prompted to unlock the device using fingerprint, and authentication completes.
Hide content:
- Displays a notification without the Deny and Approve buttons.
- Tap the notification to reach the prompt to unlock.
- When unlocked, the PingID app opens, requesting fingerprint authentication.
Do not show notifications:
- Lights the screen and sounds a beep.
- Unlock the device.
- The PingID app opens, requesting fingerprint authentication.
The PingID app opens, requesting fingerprint authentication.
The PingID app opens and requests fingerprint authentication.
Not configured / Not supported
Enabled
N/A
- No banner display.
- The app prompts for PingID swipe.
- No banner display.
- The app prompts for PingID swipe.
The PingID swipe screen is displayed.
Not configured / Not supported
Required
Disabled (Checked)
Show content:
- Displays a notification without the Deny and Approve buttons.
- Tap the notification to reach the prompt to unlock.
- When unlocked, the PingID app displays an error.
Hide content:
- Displays a notification without the Deny and Approve buttons.
- Tap the notification to reach the prompt to unlock.
- When unlocked, the PingID app displays an error.
Do not show notifications:
- Lights the screen and sounds a beep.
- Unlock the device.
- The PingID app displays an error.
The PingID app displays an error.
The PingID app displays an error.
Not configured / Not supported
Required
Enabled (Unchecked)
Show content:
- A notification is displayed.
- Swipe down to display the Deny and Approve buttons.
- When approved, the user is prompted to unlock the device using fingerprint, and the PingID app displays an error.
Hide content:
- Displays a notification without the Deny and Approve buttons.
- Tap the notification to reach the prompt to unlock.
- When unlocked, the PingID app displays an error.
Do not show notifications:
- Lights the screen and sounds a beep.
- Unlock the device.
- The PingID app displays an error.
The PingID app displays an error.
The PingID app displays an error.