Biometric Authentication on iOS

You can now enable Biometric Authentication for your Notes ID. This feature allows users to unlock their Notes ID with either Face ID or Touch ID.

Once enabled, subsequent launches of HCL Nomad invoke either a Face ID or Touch ID prompt (dependent on your device). If the user is authenticated, then the Notes ID is unlocked. If the user’s Face ID or Touch ID is unable to be authenticated, the user is prompted to provide their biometric ID again. If this fails or the user presses Cancel, the user is prompted to input their device passcode (this passcode backs up the device biometry).

Enabling Biometric Authentication

Biometric authentication can be enabled during initial setup or during subsequent launches of the application.

The Notes ID prompt now includes one of the following option:
  • Enable Face ID
  • Enable Touch ID
When you are prompted for your Notes ID password, input your Notes ID password and tap Enable Face ID or Enable Touch ID.

HCL Nomad verifies your password, then iOS asks you: Do you want to allow “HCL Nomad” to use Face ID?. If you would like to proceed with enabling the use of Face ID with HCL Nomad, tap OK. Your “Face ID” will be scanned and your Notes ID will be enabled for Biometric Authentication.

Requirements

  • A device passcode must be set on the device.
  • Face ID or Touch ID must be enabled on the device.
  • HCL Nomad must have permission to use Face ID or Touch ID.
    Note: If the device passcode is removed after a Notes ID has been enabled with Biometric Authentication, then HCL Nomad will no longer be able to unlock the enabled Notes ID. The user will have to uninstall HCL Nomad and re-install HCL Nomad with a password protected Notes ID in order to continue.

Considerations

  • Once HCL Nomad is enabled for Biometric Authentication, there is no way to revert the local Notes ID back to being password protected. If a user wants to go back to utilizing their Notes ID password, they have to reinstall HCL Nomad with a password protected Notes ID.
  • Notes IDs that are protected with Biometric Authentication will not ID Sync with Domino server 11.x and earlier. Domino server version 12 will support the ID sync of Notes IDs enabled for Biometric Authentication. ID Sync affects the administrators ability to sync a key rollover or a rename of a user to a user’s Notes ID. As a workaround, if an administrator performs one of these operations and the ID vaulted Domino server does not support Biometric Authentication, then the user can reinstall HCL Nomad to pick up the new ID changes from the ID Vault.
  • HCL Nomad 1.0.9 does not support the use of Notes ID password for users with server-side password checking enabled and multiple Notes based clients. Biometric Authentication can be enabled for users with NSL enabled via policy to allow for continued use of HCL Nomad. For more information, see this article.

Management

Biometric Authentication can be managed by a setting enableBiometricSetup, which is available in both the MDM AppConfig settings and through MarvelClient. When enabled, the user has the option to enable Biometric Authentication.

For more on managing via MDM, see Managing HCL Nomad via an MDM provider.

For more on managing via Marvel Client, see HCL Nomad and panagenda MarvelClient.