Can you enable biometrics (fingerprint) with mobile apps that use Azure AD?

Ronnie Jorgensen 1 Reputation point
2020-01-16T15:25:53.203+00:00

Just a random question really. The Workday mobile app supports PIN and biometrics, and you can enable it in the Workday tenant. Now we use Azure AD SSO when we authenticate to Workday. My question is: if a mobile app supports PIN and biometrics and uses Azure AD SSO for authentication, will this combination work together? I have tested Workday native login instead of Azure AD SSO with PIN and Touch ID and that works, but at the moment I do not have a test setup of Workday and Azure AD SSO, so I can't test it in that combination. Thanks in advance.

Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.

1 answer

  1. FrankHu-MSFT 976 Reputation points
    2020-01-17T01:17:17.707+00:00

    Hey @Ronnie Jorgensen, I don't see why it wouldn't work.

    The PIN and biometrics are client side, for unlocking the device to get access to the AuthToken HMAC key, per the Android docs: https://source.android.com/security/authentication

    I assume that iOS follows a similar flow, and this should allow access to the app. If PIN and Touch ID work, then biometrics should also work, as those authentication methods are device-centric.

    The actual Workday app is most likely constantly refreshing the token as it follows the flow described in the Microsoft AAD SSO docs here: https://learn.microsoft.com/en-us/azure/active-directory/manage-apps/what-is-single-sign-on#choosing-a-single-sign-on-method

    More info here on implementation specifics: https://learn.microsoft.com/en-us/azure/app-service-mobile/app-service-mobile-auth#authentication-with-provider-sdk

    If you're interested in learning more, I would suggest asking Workday as they are the ones who actually implemented the application and would know more on what is supported vs not supported.
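
A simplified model of the device-side flow in the Android docs linked in the answer, added here as an example and not taken from the thread, Android, or Workday: a local PIN check mints an HMAC-signed AuthToken, and the keystore releases the cached SSO refresh token only for a valid, fresh token, so the identity provider never sees the PIN or biometric. The class names, the two-field token layout, and the 30-second window are assumptions.

```python
import hashlib
import hmac
import secrets
import struct
from typing import Optional

# Simplified model (assumption): on a real device these parts run in a TEE and
# the AuthToken carries more fields (version, challenge, authenticator id/type).
BOOT_HMAC_KEY = secrets.token_bytes(32)  # per-boot key shared by both components
AUTH_VALIDITY_S = 30                     # hypothetical freshness window


class Gatekeeper:
    """Verifies the PIN locally and mints an HMAC-signed AuthToken."""

    def __init__(self, user_sid: int, pin: str):
        self.user_sid = user_sid
        self._salt = secrets.token_bytes(16)
        self._pin_hash = self._derive(pin)

    def _derive(self, pin: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", pin.encode(), self._salt, 100_000)

    def verify(self, pin: str, now: int) -> Optional[bytes]:
        if not hmac.compare_digest(self._derive(pin), self._pin_hash):
            return None                  # wrong PIN: no AuthToken is issued
        body = struct.pack(">QQ", self.user_sid, now)
        return body + hmac.new(BOOT_HMAC_KEY, body, hashlib.sha256).digest()


class Keystore:
    """Releases the cached SSO refresh token only for a valid, fresh AuthToken."""

    def __init__(self, user_sid: int, refresh_token: str):
        self._user_sid = user_sid
        self._refresh_token = refresh_token

    def unlock(self, auth_token: Optional[bytes], now: int) -> Optional[str]:
        if auth_token is None or len(auth_token) != 48:
            return None
        body, tag = auth_token[:16], auth_token[16:]
        expected = hmac.new(BOOT_HMAC_KEY, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return None                  # forged or corrupted token
        sid, issued = struct.unpack(">QQ", body)
        if sid != self._user_sid or not 0 <= now - issued <= AUTH_VALIDITY_S:
            return None                  # wrong user or stale unlock
        return self._refresh_token       # app may now refresh with the IdP
```
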