Use iOS Touch ID to store cached credentials in Pulse
We are working on using certificates to authenticate on-demand VPN sessions. The concern is that a stolen phone would still access the corporate VPN until the profile/cert is revoked via MDM. Also, someone's child could access corporate assets unchallenged if they are allowed to play with the phone.
Touch ID with a complex "unlock" password for the whole phone will be a good first step. This should handle the "stolen" issue. However, I think a much better solution would be to allow the username and password entered into the Pulse app to be cached, and used after Touch ID authentication, the way iTunes/Apple Store allows this.
This would make use simpler for the mobile end user, yet maintain strong security for VPN.
Re: Use iOS Touch ID to store cached credentials in Pulse
Steps to be performed on the VPN device:
-----------------------------------------
On the PCS device, you need to enable Touch ID authentication at the following location:
1. Navigation: System > Configuration > Mobile > Touch Id Support for iOS devices > Enable Touch id for user authentication -- Save the changes

On the iOS device:
------------------
1. On the Pulse Secure Mobile Client: add the user Sign-in URL -- Save the connection set
2. At this point, under the connection set, you will notice the Touch ID option is disabled in the bottom right corner. (Do not worry about it.)
3. Connect to the Sign-in URL that you have added. The first time, it will ask for the user credentials -- Input the credentials and click on Sign in -- You will get a popup with a "Touch id" prompt. Click yes to use Touch ID and you will be connected successfully.
5. The second time you connect -- you will be directly prompted with the Touch ID prompt -- Place your finger and get the VPN access