
Navigator supports enhanced security – and it’s configurable with your MDM!

Blog Post created by hmccracken-esristaff Employee on Sep 29, 2018

When it comes to securing access to your device and data, you can never have too much of a good thing! That’s why, with Navigator 18.1.0 Beta 1 for iOS, we have a new setting that enables local authentication within Navigator. Local authentication ties into your device’s Face ID, Touch ID and passcode security settings. What’s even better? It’s also available as a Managed App Configuration setting, so you can auto-configure any device managed by an MDM.

 

Here’s how it works.

 

When the “Use Local Authentication” setting in Navigator is enabled, Navigator will prompt for authentication whenever the app is launched or comes out of the background.  If Face ID is activated on the phone, you will be prompted to allow Navigator to use Face ID. When you tap OK to allow, you will then be prompted for Face ID to continue using Navigator. 

 

Allow Navigator to use Face ID

 

Note, if Face ID fails, you will be prompted to provide your passcode instead.

If Face ID fails you will be prompted to enter passcode

 

If, instead, Touch ID is activated on the device, the user will be prompted to provide Touch ID authentication to continue using Navigator.

 

 

If Touch ID is not activated on the device, the user will be prompted to provide a passcode instead.

 

Passcode input on iOS

If both Touch ID and passcode are enabled, the user will first be prompted for Touch ID, with the passcode requested only as a fallback.

 

Touch ID input, falls back to passcode

 

 

Enabling Local Authentication Manually on a device

Note, local authentication requires Face ID, Touch ID and/or passcodes to be enabled on your device. Without this, the “Use Local Authentication” setting will not be available in Navigator.

 

To enable local authentication in Navigator you first need to ensure that either Face ID, Touch ID or passcode security is set on the device. Then you need to turn on the local authentication setting in Navigator.

 

  1. Go to iOS Settings > Touch ID and Passcode or Face ID and Passcode
  2. Turn the device passcode on
  3. Optionally Add a Fingerprint to enable Touch ID, or set up Face ID
  4. Sign into Navigator with a Licensed user
  5. Tap the Account Button in the upper left. This will take you to the Profile Screen
  6. Enable “Use Local Authentication”

 

iOS Touch ID and passcode settings and Navigator local authentication setting

 


Enabling Local Authentication via the Managed App Configuration

In keeping with our efforts to support our customers deploying Esri field apps through MDMs, we have included local authentication as a Managed App Config setting.

 

Adding the enableLocalAuthentication key (data type: Boolean) and setting it to true enables this setting in Navigator on devices deployed through the MDM. Use this together with a device Profile that requires setting a passcode, to ensure managed devices are enabled for local authentication.

 

With AirWatch, the following steps can be used to push the local authentication setting to a device.

 

  1. Under the Internal App Detail view select Assign.
  2. Select the Smart Group and choose Edit Assignment.
  3. Scroll down and enable Application Configuration
  4. Enter the following key-value pair:
    • Key: enableLocalAuthentication
    • Value Type: Boolean
    • Value: true

     AirWatch Enabling Managed App Config
  5. Alternatively, you could use the Upload XML option. If choosing this option, you need to provide an XML file. To create the XML file, create a text file (.xml extension) with the following text.

     Content required for the Managed App Configuration XML file
  6. Save and Publish the changes

 

The next step is to ensure that the Profile assigned to the Smart Group enforces setting a passcode on the device.

 

  1. Identify the Profile associated with the Smart Group in step 2 above.
  2. Under Devices > Profiles, scroll to find the Profile, and tap the pencil icon to edit
  3. Choose Passcode from the left panel, and ensure the Require passcode on device setting is checked.

 

AirWatch's Profile require passcode setting
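
The two requirements above (the Boolean key and a passcode-enforcing Profile) can be checked together before publishing. This is an added example, not code from the original post or from Esri. It assumes the app configuration and the Profile are available as Apple plist XML; the sample documents are constructed, and `plist_doc` and `audit` are hypothetical names.

```python
import plistlib

KEY = "enableLocalAuthentication"  # key name given in the post
PASSCODE_PAYLOAD = "com.apple.mobiledevice.passwordpolicy"  # Apple passcode payload type

def plist_doc(body):
    """Wrap a constructed <dict> body in a plist XML document (hypothetical helper)."""
    return ('<?xml version="1.0" encoding="UTF-8"?><plist version="1.0"><dict>'
            + body + "</dict></plist>").encode()

# Constructed samples (assumed plist exports, not taken from the post).
GOOD_CONFIG = plist_doc("<key>enableLocalAuthentication</key><true/>")
STRING_CONFIG = plist_doc("<key>enableLocalAuthentication</key><string>true</string>")
PROFILE = plist_doc(
    "<key>PayloadType</key><string>Configuration</string>"
    "<key>PayloadContent</key><array><dict>"
    "<key>PayloadType</key><string>com.apple.mobiledevice.passwordpolicy</string>"
    "<key>forcePIN</key><true/>"
    "</dict></array>")
PROFILE_NO_PASSCODE = plist_doc(
    "<key>PayloadType</key><string>Configuration</string>"
    "<key>PayloadContent</key><array/>")

def audit(app_config, profile):
    """Return a list of findings; an empty list means both conditions hold."""
    findings = []
    value = plistlib.loads(app_config).get(KEY)
    if value is None:
        findings.append(f"{KEY} is not set")
    elif value is not True:  # a string "true" is not a Boolean
        findings.append(f"{KEY} must be Boolean true, got {type(value).__name__}")
    payloads = plistlib.loads(profile).get("PayloadContent", [])
    if not any(p.get("PayloadType") == PASSCODE_PAYLOAD and p.get("forcePIN") is True
               for p in payloads):
        findings.append("profile does not force a device passcode (forcePIN)")
    return findings

if __name__ == "__main__":
    for name, cfg, prof in [("good", GOOD_CONFIG, PROFILE),
                            ("string value", STRING_CONFIG, PROFILE),
                            ("no passcode", GOOD_CONFIG, PROFILE_NO_PASSCODE)]:
        print(name, audit(cfg, prof) or "OK")
```
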

 

To learn more about Esri’s efforts to support our customers implementing Enterprise Mobile Management (EMM) solutions, see the Mobile Application Management and Esri’s Field Apps blog post. Additionally, for more information about Esri's approach to Mobile Application Management, please read our patterns document on the ArcGIS Trust website.
