9.3 Apple Touch ID

Apple Touch ID is an electronic fingerprint recognition feature, available on Mac OS devices, that allows users to authenticate to the Mac OS workspace. For multi-factor authentication, users can combine Apple Touch ID (something you are) with methods based on something you know (LDAP Password, Password) or something you have (Card, Smartphone). Users need to place their finger on the Touch ID scanner to enroll and authenticate.

To configure this method, add the Apple Touch ID method to an authentication chain.

NOTE: You must install the Device Service on the Mac workstation to use this method.

NOTE: You cannot use Touch ID for the initial authentication after boot.

Enrolling Apple Touch ID and Authenticating to Mac OS with Apple Touch ID

Consider an administrator who has performed the following steps to require users to enroll the Apple Touch ID method on a Mac OS device:

  1. Created a chain with the Apple Touch ID method and added another method such as LDAP password.

  2. Assigned the chain to the Mac OS Logon event.

Paul, an end user, logs in to the Self Service portal and enrolls the Apple Touch ID method using his fingerprint. After enrollment, Paul authenticates to his Mac OS workstation by specifying the LDAP password and placing his finger on the Touch ID scanner.