Salesforce1 App does not Recognize Device Fingerprint

Follow
    Applies to:
  • Legacy SecureAuth IdP
Deployment model:
  • On Premises
  • Affected SecureAuth IdP Versions: All Versions

    Description:

    The Salesforce1 app doesn't allow users to bypass two-factor authentication even though a fingerprint is logged for the device.

    Cause:

    The Salesforce1 app does not accept cookies, so when SecureAuth tries to match the fingerprint ID with the cookie ID, it fails.

    Resolution:

    You will need to change the device fingerprinting settings to prevent SecureAuth from trying to match the fingerprint ID with the cookie ID.

     

    Here is a sample configuration:

     

     

     

    There are two main settings that you'll want to change:

    System Components

    Host Address/IP: 15% -> 5% or less

    Mobile Settings

    Match FP Id in cookie: True -> False

     

    The other settings are optional, but makes the authentication more flexible:

    System Components

    Timezone: 6%

    Screen resolution: 10%

    Mobile Settings

    Authentication threshold: 90%

    Update threshold: 85%

     

    If you change these settings, you are lowering your security as it will be more lenient for the 2nd factor bypass. Make sure you find the right balance between security and convenience!

    0 out of 0 found this helpful

    Comments

    0 comments

    Please sign in to leave a comment.