question

RonnieJorgensen-1084 avatar image
0 Votes"
RonnieJorgensen-1084 asked ·

Can you enable biometrics fingerprint with mobile apps use Azure AD?

Just a random question really. Workday mobile app support PIN and BIOMETRICS and you can enable it in Workday tenant. Now we use Azure AD SSO when we authenticate to Workday. My question is if a mobile app support PIN and BIOMETRICS and use Azure AD SSO for authentication. Will this combination work together?? I have tested Workday native login instead of Azure AD SSO with PIN and Touch ID and that works, but at the moment i do not have a test setup of workday and azure ad SSO so cant test it in that combination. Thx in advance

azure-active-directoryazure-ad-multi-factor-authentication
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

1 Answer

FrankHuMSFT-3200 avatar image
0 Votes"
FrankHuMSFT-3200 answered ·

Hey @RonnieJorgensen-1084 I don't see why it wouldn't work.

The Pin and Biometrics are client side, for unlocking the device to get access to the AuthToken HMAC key, per the Android docs : https://source.android.com/security/authentication

I assume that iOS follows a similar flow, and this should allow access to the app. If pin and touch ID works, then biometrics should also work, as those authentication methods are device centric.

The actual workday app is most likely constantly refreshing the token as it follows the flow described in the Microsoft AAD SSO docs here : https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/what-is-single-sign-on#choosing-a-single-sign-on-method

More info here on implementation specifics : https://docs.microsoft.com/en-us/azure/app-service-mobile/app-service-mobile-auth#authentication-with-provider-sdk

If you're interested in learning more, I would suggest asking Workday as they are the ones who actually implemented the application and would know more on what is supported vs not supported.


· 1 ·
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi Frank,

Thats good to know that the devices do that on their side. I will raise another question because while related in same topic its not really about workday, more about Azure SSO in general :)

I assume that if the workday app constantly refreshing the token, the PIN and Fingerprint will not work? I assume that the PIN and Fingerprint will normally cache your credentials so they can use them when you type your pin and/or fingerprint?

0 Votes 0 ·