Affected SecureAuth IdP Versions: All Versions
Description:
The Salesforce1 app doesn't allow users to bypass two-factor authentication even though a fingerprint is logged for the device.
Cause:
The Salesforce1 app does not accept cookies, so when SecureAuth tries to match the fingerprint ID with the cookie ID, it fails.
Resolution:
You will need to change the device fingerprinting settings to prevent SecureAuth from trying to match the fingerprint ID with the cookie ID.
Here is a sample configuration:
There are two main settings that you'll want to change:
System Components
Host Address/IP: 15% -> 5% or less
Mobile Settings
Match FP Id in cookie: True -> False
The other settings are optional, but makes the authentication more flexible:
System Components
Timezone: 6%
Screen resolution: 10%
Mobile Settings
Authentication threshold: 90%
Update threshold: 85%
If you change these settings, you are lowering your security as it will be more lenient for the 2nd factor bypass. Make sure you find the right balance between security and convenience!
Comments
Please sign in to leave a comment.