cancel
Showing results for 
Search instead for 
Did you mean: 

Use iOS Touch ID to store cached credentials in Pulse

Contributor

Use iOS Touch ID to store cached credentials in Pulse

We are working on using certificates to authenticate on-demand VPN sessions. The concern is that a stolen phone would still access the corporate VPN until the profile/cert is revoked via MDM. Also, someone's child could access corporate assets unchallenged if they are allowed to play with the phone.

Touch ID with a complex "unlock" password for the whole phone will be a good first step. This should handle the "stolen" issue. However, I think a much better solution would be to allow the username and password entered into the Pulse app be cached, and used after Touch ID authentication, the way iTunes/Apple Store allows this.

This would make use simpler for the mobile end user, yet maintain strong security for VPN.

-=Dan=-
Dan Smart
Vulcan Materials
Birmingham, AL
8 REPLIES 8
Moderator

Re: Use iOS Touch ID to store cached credentials in Pulse

That would be very nice; I don't know i you have done so, but please be sure to bring this up to your account team as an enhancement request.
Contributor

Re: Use iOS Touch ID to store cached credentials in Pulse

So the good news it there appears to be a switch for Touch ID in the current client. The bad new is it's greyed out. How do you turn this on?
Contributor

Re: Use iOS Touch ID to store cached credentials in Pulse

Here's the Pulse app for ios with Touch ID slider [img]https://www.dropbox.com/s/u8dmi26926fm9jv/IMG_1122.PNG?dl=0[/img]
Highlighted
Occasional Contributor

Re: Use iOS Touch ID to store cached credentials in Pulse

Odd that there's nothing in release notes - how do we enable this?
Contributor

Re: Use iOS Touch ID to store cached credentials in Pulse

I have an open TAC ticket to find out how this works.
Not applicable

Re: Use iOS Touch ID to store cached credentials in Pulse

Touch ID feature on the iOS client will start working only after it is enabled on the PCS admin console.

The support on the PCS Admin console to enable/disable Touch ID authentication will be out with PCS 8.2 R3 release planned later this month.
Contributor

Re: Use iOS Touch ID to store cached credentials in Pulse

Via TAC:

I have replicated in my lab device and found that touch ID is enabled in pulse client but not enabled in PCS device. However, couldn't enable the option.

In 8.2R3 PCS OS version the touch ID is supported. You have to enable settings in the below navigation:

1) Navigate to System --> Configuration --> Mobile --> Settings.
2) The option to enable touch ID will be added in 8.2R3 release.
Pulser

Re: Use iOS Touch ID to store cached credentials in Pulse

Steps to be performed on the VPN device :
-----------------------------------------

On the PCS device, need to enabled the Touch ID authentication on the following location :
1.Navigation: System > Configuration > Mobile > Touch Id Support for iOS devices > Enable Touch id for user authentication -- Save the Changes


On the IOS device:
------------------
1. On the Pulse Secure Mobile Client : Add the user Sign-in URL -- Save the Connection Set
2. At this point under the connection set, you will notice the touch ID option is disabled on the bottom right corner.(Do not worry about it)
3. Connect to the Sign-in URL that you have added, First time it will ask the user credential -- Input the credentials and Click on Sign in -- You will get a popup with "Touch id" Prompt. Click yes for using touch ID and you will be connected successfully.
5.The Second time you connect -- you will be directly prompted with the Touch ID Prompt -- Place ur Finger and get the VPN access Smiley Happy

Note : 8.2R3 has been released out on Monday