All Topics » Pulse Mobile Clients



Use iOS Touch ID to store cached credentials in Pulse


smartd
Contributor (2)
Apr 4, 2016 3:07pm
We are working on using certificates to authenticate on-demand VPN sessions. The concern is that a stolen phone would still access the corporate VPN until the profile/cert is revoked via MDM. Also, someone's child could access corporate assets unchallenged if they are allowed to play with the phone.

Touch ID with a complex "unlock" password for the whole phone will be a good first step. This should handle the "stolen" issue. However, I think a much better solution would be to allow the username and password entered into the Pulse app be cached, and used after Touch ID authentication, the way iTunes/Apple Store allows this.

This would make use simpler for the mobile end user, yet maintain strong security for VPN.

-=Dan=-
Dan Smart
Vulcan Materials
Birmingham, AL



zanyterp
Pulse Secure Contributor (40)
Apr 15, 2016 4:14am
That would be very nice; I don't know i you have done so, but please be sure to bring this up to your account team as an enhancement request.
smartd
Contributor (2)
Apr 15, 2016 4:25pm
So the good news it there appears to be a switch for Touch ID in the current client. The bad new is it's greyed out. How do you turn this on?
    smartd
    Contributor (2)
    Apr 15, 2016 4:31pm
    Here's the Pulse app for ios with Touch ID slider [img]https://www.dropbox.com/s/u8dmi26926fm9jv/IMG_1122.PNG?dl=0[/img]
    jpayne
    Contributor (0)
    May 3, 2016 2:36pm
    Odd that there's nothing in release notes - how do we enable this?
    smartd
    Contributor (2)
    May 3, 2016 4:44pm
    I have an open TAC ticket to find out how this works.
    vikrantn
    Contributor (0)
    May 4, 2016 5:12pm
    Touch ID feature on the iOS client will start working only after it is enabled on the PCS admin console.

    The support on the PCS Admin console to enable/disable Touch ID authentication will be out with PCS 8.2 R3 release planned later this month.
smartd
Contributor (2)
May 6, 2016 4:42pm
Via TAC:

I have replicated in my lab device and found that touch ID is enabled in pulse client but not enabled in PCS device. However, couldn't enable the option.

In 8.2R3 PCS OS version the touch ID is supported. You have to enable settings in the below navigation:

1) Navigate to System --> Configuration --> Mobile --> Settings.
2) The option to enable touch ID will be added in 8.2R3 release.
    mkbaskaran
    Contributor (0)
    May 18, 2016 12:01pm
    Steps to be performed on the VPN device :
    -----------------------------------------

    On the PCS device, need to enabled the Touch ID authentication on the following location :
    1.Navigation: System > Configuration > Mobile > Touch Id Support for iOS devices > Enable Touch id for user authentication -- Save the Changes


    On the IOS device:
    ------------------
    1. On the Pulse Secure Mobile Client : Add the user Sign-in URL -- Save the Connection Set
    2. At this point under the connection set, you will notice the touch ID option is disabled on the bottom right corner.(Do not worry about it)
    3. Connect to the Sign-in URL that you have added, First time it will ask the user credential -- Input the credentials and Click on Sign in -- You will get a popup with "Touch id" Prompt. Click yes for using touch ID and you will be connected successfully.
    5.The Second time you connect -- you will be directly prompted with the Touch ID Prompt -- Place ur Finger and get the VPN access :)

    Note : 8.2R3 has been released out on Monday