Knowledge Base

Support Policies

Salesforce1 App does not Recognize Device Fingerprint

Affected SecureAuth IdP Versions: All Versions

Description:

The Salesforce1 app doesn't allow users to bypass two-factor authentication even though a fingerprint is logged for the device.

Cause:

The Salesforce1 app does not accept cookies, so when SecureAuth tries to match the fingerprint ID with the cookie ID, it fails.

Resolution:

You will need to change the device fingerprinting settings to prevent SecureAuth from trying to match the fingerprint ID with the cookie ID.

 

Here is a sample configuration:

 

 

 

There are two main settings that you'll want to change:

System Components

Host Address/IP: 15% -> 5% or less

Mobile Settings

Match FP Id in cookie: True -> False

 

The other settings are optional, but makes the authentication more flexible:

System Components

Timezone: 6%

Screen resolution: 10%

Mobile Settings

Authentication threshold: 90%

Update threshold: 85%

 

If you change these settings, you are lowering your security as it will be more lenient for the 2nd factor bypass. Make sure you find the right balance between security and convenience!

Have more questions? Submit a request

0 Comments

Please sign in to leave a comment.