iOS Autofill Face/Touch ID unlock does not work when MDM settings are applied
Hi,
I believe this is a bug, and just wanted to post here so it could be investigated / in case others are seeing the same.
Issue:
When the "Allow Face ID" and "Allow Touch ID" settings are applied via the 1Password MDM config, these settings are not respected for iOS Autofill. When utilizing Autofill, even when Face/Touch ID have been allowed, the user is prompted for their master password every time -- and never for Face ID/Touch ID, which would be the expected behavior.
Outside of Autofill, Face ID and Touch ID work fine everywhere else (within the 1Password app, etc.). The Settings > Security page in the iOS app also indicates that the MDM settings are being applied / respected by the app.
Repro Steps:
1. Deploy the below ("not working") config to the iOS device via MDM:
Not Working:
<dict>
<key>privacy.checkHibp</key>
<true/>
<key>privacy.downloadRichIcons</key>
<true/>
<key>security.authenticatedUnlock.appleTouchId</key>
<true/>
<key>security.authenticatedUnlock.appleFaceId</key>
<true/>
<key>security.clipboard.clearAfter</key>
<true/>
</dict>
Working:
<dict>
<key>privacy.checkHibp</key>
<true/>
<key>privacy.downloadRichIcons</key>
<true/>
<key>security.clipboard.clearAfter</key>
<true/>
</dict>
- Open the app, go to Settings > Security and verify that Face ID is enabled. Also verify that the page indicates the option is being controlled by an administrator.
- Close the app and re-open a few times to verify you are being prompted for Face ID each time (in this case, we are prompted "Immediately").
- Go to any web page in Safari with a saved login form, and use Autofill so that 1Password tries prompting for authentication.
- Observe that 1Password will prompt for the master password every time, even after it has been entered both in the app and within the autofill pop-up. The expected behavior would be for the Autofill pop-up to prompt for Face ID, as it has been allowed within the MDM configuration.
- Also observe that if we switch to the "working" MDM config above, Autofill immediately begins prompting for Face ID as expected.
Thank you so much!
1Password Version: iOS 8.10.28
Extension Version: Not Provided
OS Version: Not Provided
Browser: Not Provided
Comments
-
Hi @DTabbey -
Thanks for taking the time to bring this to my attention and for sharing the steps to reproduce. We've done some testing at our end and so far we've been unable to replicate this behaviour.
I'd like to ask you to share a diagnostics report from an affected iOS device so that we can get to the bottom of the issue:
Sending Diagnostics Reports (iOS)
Attach the diagnostics to an email message addressed to
support+forum@1password.com.With your email please include:
- A link to this thread:
https://1password.community/discussion/145329/ios-autofill-face-touch-id-unlock-does-not-work-when-mdm-settings-are-applied#latest - Your forum username:
DTabbey
You should receive an automated reply from our BitBot assistant with a Support ID number. Please post that number here and I'll make sure that the message gets to the right team.
0 - A link to this thread:
