Updated April 1, 2020
The SecureAuth Authenticate mobile app provides a multi-factor authentication method for end user validation during the login process.
The Authenticate app must first be installed on your mobile device or Chromebook and then connected to your user profile through a SecureAuth IdP mobile app enrollment realm before it can be used.
Once connected, the app can generate Time-based Passcodes (OATH TOTP), Push Notification One-time Passcodes (OTPs), Push-to-Accept / Symbol-to-Accept login requests, and fingerprint or facial recognition login requests for you to use when authenticating into your network.
In addition to iOS and Android devices, you can also set up and use the SecureAuth Authenticate app on a Chromebook. The SecureAuth IdP enrollment realm sees the Chromebook as an Android device. Although the screen shots in this document do not show a Chromebook user interface, the Android screen examples are the same as what you will see on a Chromebook.
SecureAuth Authenticate app for iOS and Android supports French, German, and Spanish languages on the user interface (UI). No special setting is necessary; if the mobile device is set to a supported language, the UI will display the supported language by default. Some error messages, enrollment, and validation page messages are sent from SecureAuth IdP or SecureAuth Identity Platform, so ensure that they have the proper language set so end users receive all messages in the appropriate language.
See the Release notes to learn about new features, enhancements, resolved issues, and known issues.
SecureAuth Authenticate app is compliant with FIPS 140-2.
DISCLAIMER:
SecureAuth Authenticate app no longer supports new Huawei phones or updates to existing phones to align with the recent United States embargo.
Release notes
The following sections describe the release highlights and enhancements, including resolved and known issues, for the SecureAuth Authenticate app version 20.03.
Release highlights
Read on to learn more about the new features in the Authenticate app version 20.03.
Associate your corporate Helpdesk email address as Settings screen link
You can configure your existing corporate Helpdesk email address to the new "Send Email to Helpdesk" link on the Settings screen. End users can click the link to send an email message to their corporate Helpdesk with a description of the problem and optional screenshots.
This feature is available for sites using a mobile device management (MDM) tool that supports the AppConfig Community standard.
Dark mode available on Authenticate app
When end users run their mobile devices in dark mode, the Authenticate app also runs in dark mode.
Android devices gain added security
On Android devices, the Authenticate app added a flag to prevent rogue apps from capturing end user screens.
Enhancements
Version: 20.03
Release Date: April 1, 2020
Compatibility: Note the following compatibility requirements:
- SecureAuth IdP v9.2.x or later and the SecureAuth Identity Platform v19.07 or later
- Biometric fingerprint and face (iOS only) recognition require SecureAuth Identity Platform v19.07 or later, using the 2019 theme.
| MD-955 | On iOS, push-to-accept Accept and Deny notification buttons are larger and more separated for improved ease-of-use. |
| MD-958 | On iPhone versions 5 and SE, end users can either tap the + icon at the top or the Connect Account button at the bottom to receive the QR code or URL connect options. |
| MD-968 | On Galaxy S7 and Galaxy J3 Mission with Android 8 phones, on the PIN entry screen, when end users tap the padlock icon, the Enter PIN pop-up is displayed once only. |
| MD-969 | When end users tap to select an account with a PIN, the numeric keyboard is opened; if the account does not have a PIN, the keyboard is not displayed because the TOTP is displayed. |
| MD-970 | On Android, TOTP digits are displayed on one line only in the TOTP list view. |
| MD-976 | On iPhones running iOS 13 or later, a push-to-accept request displays in the Authenticate app in the foreground. |
| MD-982 | On iOS, in the Edit view, after end users close the Edit view, the Delete and Reconnect buttons also are dismissed and the Account list is displayed. |
| MD-985 | On Android, when reconnecting an account, if end users originally connected an account to their user profile with a URL, they will skip the Reconnect Account screen and see the SecureAuth IdP realm login screen for the original URL. (This matches the current iOS workflow.) |
| MD-998 | On iOS, Authenticate app does not display notifications after end users disable a passcode or disconnect an account. |
| MD-1000 | On iOS, when end users disable a passcode and then enable it again, they can reconnect or connect new accounts. |
| MD-1001 | On iOS, the push notification error title and guidance text were updated. |
Known issues
| MD-951 | On iOS, if a biometric notification is sent to a locked phone that is paired to an Apple Watch and the end user accepts or denies the request on the phone, the notification on the watch is not dismissed. The user can accept or deny the notification on the watch although the notification is invalid. Workaround: None; Apple Watch is working as designed |
| MD-1023 | On iOS devices, end users can invalidate their account if they disable lock passcode and then re-enable lock passcode in Settings. Workaround: None |
| TW-926 | When upgrading to the Identity Platform v19.07 or later, admins must use the 2019 theme and end users who already use the SecureAuth Authenticate app must reconnect their accounts to add the ability to accept biometric push notifications to use face (iOS) or fingerprint recognition through the mobile app. Workaround: None |