Use TouchID Authentication with Allow Messages
Privilege Management for Mac 21.2 includes an MVP version of TouchID authentication. A fully functional TouchID feature will be available in a future release.
When an end user activates TouchID, their fingerprint can be used for authentication rather than a password. In a Privilege Management for Mac implementation, TouchID authentication can be used in place of password authentication on a Privilege Management message dialog box, as shown here.
When creating a message, keep the following in mind:
- An Allow message template must be used.
- Authentication Method must be set to Password Only or Any.
- The message cannot be combined with any other message types.
When TouchID is not activated or available on the user's machine, then the user is presented with a message to enter their password.
Activate TouchID Authentication
Update the defendpointd.plist:
<key>BiometricAuthenticationEnabled</key> <true/>
Change the value to false to turn off the feature.