Affected SecureAuth IdP Versions: All Versions
The Salesforce1 app doesn't allow users to bypass two-factor authentication even though a fingerprint is logged for the device.
The Salesforce1 app does not accept cookies, so when SecureAuth tries to match the fingerprint ID with the cookie ID, it fails.
You will need to change the device fingerprinting settings to prevent SecureAuth from trying to match the fingerprint ID with the cookie ID.
Here is a sample configuration:
There are two main settings that you'll want to change:
Host Address/IP: 15% -> 5% or less
Match FP Id in cookie: True -> False
The other settings are optional, but makes the authentication more flexible:
Screen resolution: 10%
Authentication threshold: 90%
Update threshold: 85%
If you change these settings, you are lowering your security as it will be more lenient for the 2nd factor bypass. Make sure you find the right balance between security and convenience!