Documentation


Updated April 1, 2020

The SecureAuth Authenticate mobile app provides a multi-factor authentication method for end user validation during the login process.

The Authenticate app must first be installed on your mobile device or Chromebook and then connected to your user profile through a SecureAuth IdP mobile app enrollment realm before it can be used.

Once connected, the app can generate Time-based Passcodes (OATH TOTP), Push Notification One-time Passcodes (OTPs), Push-to-Accept / Symbol-to-Accept login requests, and fingerprint or facial recognition login requests for you to use when authenticating into your network.

In addition to iOS and Android devices, you can also set up and use the SecureAuth Authenticate app on a Chromebook. The SecureAuth IdP enrollment realm sees the Chromebook as an Android device. Although the screen shots in this document do not show a Chromebook user interface, the Android screen examples are the same as what you will see on a Chromebook.

SecureAuth Authenticate app for iOS and Android supports French, German, and Spanish languages on the user interface (UI). No special setting is necessary; if the mobile device is set to a supported language, the UI will display the supported language by default. Some error messages, enrollment, and validation page messages are sent from SecureAuth IdP or SecureAuth Identity Platform, so ensure that they have the proper language set so end users receive all messages in the appropriate language.

See the Release notes to learn about new features, enhancements, resolved issues, and known issues.

SecureAuth Authenticate app is compliant with FIPS 140-2.

DISCLAIMER:

SecureAuth Authenticate app no longer supports new Huawei phones or updates to existing phones to align with the recent United States embargo.


Release notes 

New features and enhancements

Version: 20.03
Release Date: April 1, 2020
Compatibility: SecureAuth IdP v9.2.x and v9.3.x and the SecureAuth Identity Platform v19.07. Additionally, biometric fingerprint and face (iOS only) recognition require SecureAuth Identity Platform v19.07 or later, using the 2019 theme.

MD-347The administrator can configure an existing corporate Helpdesk email address to the new "Send Email to Helpdesk" link on the Settings screen. End users can click the link to send an email message to their corporate Helpdesk with a description of the problem and optional screenshots. This feature is available for sites using a mobile device management (MDM) tool that supports the AppConfig Community standard.
MD-955On iOS, push-to-accept Accept and Deny notification buttons are larger and more separated for improved ease-of-use.
MD-947
MD-957
When end users run mobile devices in dark mode, the Authenticate app also runs in dark mode.
MD-1035On Android devices, the Authenticate app added a flag to prevent rogue apps from capturing end user screens.

Resolved issues 

MD-958On iPhone versions 5 and SE, end users can either tap the + icon at the top or the Connect Account button at the bottom to receive the QR code or URL connect options.
MD-968On Galaxy S7 and Galaxy J3 Mission with Android 8 phones, on the PIN entry screen, when end users tap the padlock icon, the Enter PIN pop-up is displayed once only.
MD-969

When end users tap to select an account with a PIN, the numeric keyboard is opened; if the account does not have a PIN, the keyboard is not displayed because the TOTP is displayed.

MD-970On Android, TOTP digits are displayed on one line only in the TOTP list view.
MD-976On iPhones running iOS 13 or later, a push-to-accept request displays in the Authenticate app in the foreground.
MD-982On iOS, in the Edit view, after end users close the Edit view, the Delete and Reconnect buttons also are dismissed and the Account list is displayed.
MD-985On Android, when reconnecting an account, if end users originally connected an account to their user profile with a URL, they will skip the Reconnect Account screen and see the SecureAuth IdP realm login screen for the original URL. (This matches the current iOS workflow.)
MD-998On iOS, Authenticate app does not display notifications after end users disable a passcode or disconnect an account.
MD-1000On iOS, when end users disable a passcode and then enable it again, they can reconnect or connect new accounts.
MD-1001On iOS, the push notification error title and guidance text were updated.

Known issues 

MD-951

On iOS, if a biometric notification is sent to a locked phone that is paired to an Apple Watch and the end user accepts or denies the request on the phone, the notification on the watch is not dismissed. The user can accept or deny the notification on the watch although the notification is invalid.

Workaround: None; Apple Watch is working as designed

MD-1023

On iOS devices, end users can invalidate their account if they disable lock passcode and then re-enable lock passcode in Settings.

Workaround: None

TW-926

When upgrading to the Identity Platform v19.07 or later, admins must use the 2019 theme and end users who already use the SecureAuth Authenticate app must reconnect their accounts to add the ability to accept biometric push notifications to use face (iOS) or fingerprint recognition through the mobile app. 

Workaround: None

Version 19.12, 19.12.01 - Release Date: December 20, 2019

Hotfix

Version: 19.12.01
Release Date: December 20, 2019
Compatibility: SecureAuth IdP v9.2.x and v9.3.x and the SecureAuth Identity Platform v19.07. Additionally, biometric fingerprint and face (iOS only) recognition require SecureAuth Identity Platform v19.07 or later, using the 2019 theme.

MD-986

When using the Microsoft Intune integration with iOS devices, after end users download the Authenticate mobile app and select it for use, they no longer need to reopen the app to authenticate. They are correctly directed to the enrollment URL.

iOS users can download the Authenticate app from the Apple Store: https://itunes.apple.com/us/app/secureauth-otp/id615536686

Known issue

TW-926

When upgrading to the Identity Platform v19.07 or later, admins must use the 2019 theme and end users who already use the SecureAuth Authenticate app must reconnect their accounts to add the ability to accept biometric push notifications to use face (iOS) or fingerprint recognition through the mobile app.

Workaround: None

New features and enhancements

Version: 19.12
Release Date: December 17, 2019
Compatibility: SecureAuth IdP v9.2.x and v9.3.x and the SecureAuth Identity Platform v19.07. Additionally, biometric fingerprint and face (iOS only) recognition require SecureAuth Identity Platform v19.07 or later, using the 2019 theme.

MD-950Organizations that use Microsoft Intune to manage mobile devices can configure an integration with the Authenticate app so end users can bypass entering the enrollment URL to create an account in the Authenticate app. End users then need to only register their account to authenticate.

Resolved issues 

MD-924On Android 6 (Redmi Note 3), after an end user enrolls an account and uses it to authenticate, biometric factors are displayed.
MD-930On iOS, when both phone and paired watch are locked and an end user receives a biometric request on the Apple Watch, the notification on the paired phone continues to be displayed.
MD-940On iOS 13.1.2 accounts with an associated PIN, the TOTP digits are displayed properly.
MD-942On Apple Watches, when an end user taps the biometric request, the message for face ID or touch ID is displayed correctly.
MD-948On Apple Watches, the passcode notification Dismiss button is displayed correctly.
MD-954On iOS, the Authenticate app displays all passcode numbers, regardless of phone version. The "Copied" text is displayed as a pop-up message (and not next to the passcode numbers) to ensure that passcode numbers are not truncated.

Known issues 

MD-961

On Android phones, SecureAuth eight-digit TOTP codes are displayed across multiple lines. This issue was reproduced on a Samsung Galaxy S10 phone, but might also occur on other Android models and older iPhones with narrow screens.

Workaround: None

MD-978

iPhone 6S sometimes truncates eight-digit passcodes to six digits in the Authenticate app. 

Workaround: None

MD-984

On Apple Watches paired to phones, turning the passcode off and then on disables the TOTP on the watch. The Authenticate app shows an error and prompts the end user to re-enroll the device; however, the app still shows the last TOTP. 

Workaround: End users can reinstall the Authenticate app on the watch and then the paired phone will push the TOTP to the watch.

TW-926

When upgrading to the Identity Platform v19.07 or later, admins must use the 2019 theme and end users who already use the SecureAuth Authenticate app must reconnect their accounts to add the ability to accept biometric push notifications to use face (iOS) or fingerprint recognition through the mobile app. 

Workaround: None

Related information

SecureAuth Authenticate App v19.12 for iOS and Android

  • No labels