Updated December 16, 2019
The SecureAuth Authenticate mobile app provides a multi-factor authentication method for end user validation during the login process.
The Authenticate app must first be installed on your mobile device or Chromebook and then connected to your user profile through a SecureAuth IdP mobile app enrollment realm before it can be used.
Once connected, the app can generate Time-based Passcodes (OATH TOTP), Push Notification One-time Passcodes (OTPs), Push-to-Accept / Symbol-to-Accept login requests, and fingerprint or facial recognition login requests for you to use when authenticating into your network.
In addition to iOS and Android devices, you can also set up and use the SecureAuth Authenticate app on a Chromebook. The SecureAuth IdP enrollment realm sees the Chromebook as an Android device. Although the screenshots in this document do not show a Chromebook user interface, the Android screen examples are the same as what you will see on a Chromebook.
SecureAuth Authenticate app for iOS and Android supports French, German, and Spanish languages on the user interface (UI). No special setting is necessary; if the mobile device is set to a supported language, the UI will display the supported language by default. Some error messages, enrollment, and validation page messages are sent from SecureAuth IdP or SecureAuth Identity Platform, so ensure that they have the proper language set so end users receive all messages in the appropriate language.
SecureAuth Authenticate app was validated with FIPS 140-2 compliant cryptographic libraries.
SecureAuth Authenticate app no longer supports new Huawei phones or updates to existing phones to align with the recent United States embargo.
New features and enhancements
Release Date: October 8, 2019
Compatibility: SecureAuth IdP v9.2.x and v9.3.x and the SecureAuth® Identity Platform v19.07. Additionally, biometric fingerprint and face (iOS only) recognition require SecureAuth Identity Platform v19.07 or later, using the 2019 theme.
|MD-204||On Android tablets and phones, the SecureAuth Authenticate app is optimized for appropriate device scale.|
|MD-680||On iOS phones, end users receive a guidance page to help them enable app notifications immediately after launching the SecureAuth Authenticate app for the first time. This new page helps end users understand how SecureAuth uses app notifications.|
|MD-763||Android Wear watch can display the TOTP.|
iOS and Android TOTPs are now displayed in the Accounts list by default.
Note that some sites require TOTPs to be hidden behind an account PIN, so users must enter the PIN to see their TOTP. These TOTPs will continue to require an account PIN before they are displayed.
|MD-866||SecureAuth Authenticate app for iOS and Android supports French, German, and Spanish languages on the user interface (UI). No special setting is necessary; if the mobile device is set to a supported language, the UI will display the supported language by default.|
|MD-881||Apple Watch "Passcode Required" message changed to "Enable Watch Passcode" for greater clarity and guidance.|
|MD-862||On Apple Watches, if an end user sends a second login request while the first request is open, the latest request replaces the previous request.|
|MD-864||On Android phones versions 5-8, the PIN view is displayed in landscape and portrait orientations.|
|MD-873||On iOS phones, after end users delete their account, notifications are not displayed on the phone.|
|MD-876||On Android phones, Authenticate Settings screen is available in portrait view only. This works as designed.|
|MD-887||When an iOS device receives a SecureAuth biometric login request, the correct request-to-login text is displayed onscreen.|
|MD-911||After end users scan the QR code successfully, SecureAuth Authenticate displays the appropriate TOTP with the timer spinning. If the timer completes, a new TOTP is generated.|
|MD-912||On iOS phones, the screen no longer flashes when end users enter a PIN.|
|MD-922||SecureAuth Cloud Access app was removed from the Apple Store because it is no longer supported.|
When an Android end user exceeds the maximum incorrect PIN entry attempts, all associated accounts should be deleted, but instead are only invalidated.
Workaround: End users need to reconnect the account and retry the login.
When iPhone end users enroll the Authenticate app with a URL and then turn the device passcode off and on, the account appears to be invalid when they attempt to log in. The following steps show the workflow for this scenario:
Workaround: Do not select Turn Passcode Off, then Turn Passcode On immediately after enrolling an account.
On iPhone versions 5 and SE, when end users tap the Connect Account button to connect mobile devices with a URL or QR code, the options do not open. This is an Apple bug.
On Apple Watches paired to phones, turning the passcode off and then on disables the TOTP on the watch. The Authenticate app shows an error and prompts the end user to re-enroll the device; however, the app still shows the last TOTP.
Workaround: End users can reinstall the Authenticate app on the watch and then the paired phone will push the TOTP to the watch.
iOS 13 sometimes causes push notifications to be delayed.
Workaround: End users can update their devices to 13.1.2 and then re-enroll the Authenticate app to resolve this issue.
End users must accept notifications during Authenticate app installation on mobile devices; otherwise, device registration will fail.
This scenario occurs when a SecureAuth IdP 9.3 enrollment realm TOTP seed is set to Token mode.
Workaround: If SecureAuth IdP is configured for Seed mode, mobile device registration will succeed even if the user does not accept push notifications.
When upgrading to the Identity Platform v19.07 or later, admins must use the 2019 theme. End users who already use the SecureAuth Authenticate app must reconnect their accounts before they can accept biometric push notifications and use face (iOS) or fingerprint recognition through the mobile app.
Compatibility: SecureAuth IdP v9.2.x and v9.3.x and the SecureAuth® Identity Platform v19.07
|MD-201, MD-811||Biometric MFA is available for iOS (face and fingerprint recognition) and Android (fingerprint recognition only) devices.|
|MD-823||SecureAuth Authenticate app no longer supports new Huawei phones or updates to existing phones to align with the recent United States embargo.|
Android devices show a countdown for the duration of time before the passcode expires, and not just the last 10 seconds.
|MD-667||iOS Watch app syncs accounts after turning watch passcode off and then on.|
|MD-719||Authenticate app works on Samsung Galaxy J3 Prime phones.|
|MD-723||iOS Watch app does not show Password Required message when a passcode is set up.|
|MD-797||Android 5 devices display the Delete symbol appropriately.|
|MD-802||The Feedback link on the iOS Authenticate app user interface works on iPhone XS. End users who have not set up Apple Mail will receive a guidance message when selecting the Feedback link.|
|MD-805||When end users select an account on an Android phone, the account selection works consistently, as do the Move, Delete, Reconnect, and Edit functions.|
|If end users with iOS or Android devices enrolled for biometric login remove face or fingerprint recognition from the device, they will receive a guidance message to choose a different login method.|
|MD-823||On many Android phone models (MI, Letv, Huawei, Oppo, Vivo, Asus, Meizu), a battery-saving feature stops Authenticate app notifications from being displayed. To remedy this, the first time end users run the Authenticate app, they will receive a guidance message to enable the app in their phone's Settings.|
|MD-824||Android 8 and 9 phones display notifications appropriately when the Authenticate app pushes notifications to a paired Android Wear watch.|
|MD-828||iOS phones that use PIN protection consistently push the PIN to a paired Apple Watch.|
|MD-835||Android phones enrolled to use symbol-to-accept as a second factor display symbols on the mobile device correctly.|
|MD-836||Apple Watch Launch Watch app syncs automatically with the Authenticate app on a paired mobile device after upgrade.|
|MD-837||Android devices no longer close unexpectedly after end users remove a lock pattern, restore the lock pattern, and then delete the account.|
|MD-842||After end users enroll a mobile device with a URL, the device is successfully set up for One-time Passcode on the Authenticate app.|
|MD-847||When end users perform an unsuccessful QR enrollment on iOS devices, they receive a helpful error message.|
|MD-848||The Authenticate app correctly sends a One-time Passcode to Android 4.4 phones.|
|MD-852||On Android phones, if end users select an account to reconnect it by using a QR code, the selected account is replaced with a new account.|
|MD-659||Apple Watches paired with iOS phones occasionally flash a screen containing old data before updating with new data. The flash occurs very quickly; no action is required to work around the issue.|
|MD-702||On iOS devices, the passcode notification occasionally displays again after the end user presses OK and dismisses the notification.|
Workaround: End users do not need to authenticate again and can dismiss the additional passcode notification.
|MD-859||On Apple Watches, when end users receive a Symbol-to-Accept login request and then select the correct symbol, the login request times out. However, the Authenticate app on the iPhone can still complete the authentication. The issue occurs on Apple Watch Generation 3 paired to iPhone X (iOS 12.3.x) and iPhone XS (iOS 12.2.x).|
Workaround: This issue occurs so infrequently that SecureAuth Testers were unable to reproduce it on a majority of test devices. Testers attribute this bug to the Watch OS. After Testers performed a hard reboot of the Apple Watch, they could no longer replicate the bug. If end users experience this bug, they can perform a hard reboot as a last resort. Perform a hard reboot by pressing the crown and side buttons simultaneously until the watch restarts. After the watch is restarted, it should automatically authenticate correctly.
New features and enhancements
The Android Authenticate app supports the optional security feature requiring a custom PIN (4, 6, 8, or 10 digits) to access a TOTP passcode.
The Authenticate app supports Chromebook on ChromeOS build 72.x.x.x. When end users access a TOTP passcode from the app with a PIN, Chromebook allows the transaction.
|TW-616||The Authenticate app supports iOS 12.x and Android 9.x.|
|MD-734||Authenticate App allows numbers only when creating PIN on any mobile device.|
The TOTP is displayed on one line when end users attempt to enroll an account with a QR Code using a Sony Xperia with Android 8.0.
|MD-793||All PIN digits are displayed inside the screen, regardless of PIN length.|
The numeric keyboard is displayed on a Sony Xperia XZ1 with Android 8.0.
|MD-796||Only one PIN is needed when deleting an Android account from a realm.|
|MD-773||After updating the Android Authenticate app to the latest version, the app icon is not updated automatically. The icon is updated after the phone is restarted.|
|MD-802||The Feedback link on the iOS Authenticate app user interface does not work on iPhone XS.|
|MD-804||On Chromebook, when the Authenticate app is open and a new notification arrives, a new window is created for the notification apart from the main application. When end users close the main application window, the notification window remains open.|
|MD-806||On Android, the Create New PIN screen is missing. To work around this, use the Create PIN screen to add or delete an account on the Authenticate app.|
New features and enhancements
Rebranded the user interface.
Completed several minor bug fixes.
|For iOS, support the optional security feature requiring a custom PIN (4, 6, 8, or 10 digits) to access a TOTP passcode from the app.|
|Android 5 OS and earlier might not show the new logo rebranding.|