Use TouchID Authentication with Allow Messages

Privilege Management for Mac 21.2 includes an MVP version of TouchID authentication. A fully functional TouchID feature will be available in a future release.

Privilege Management for Mac example with TouchID in place

When an end user activates TouchID, their fingerprint can be used for authentication rather than a password. In a Privilege Management for Mac implementation, TouchID authentication can be used in place of password authentication on a Privilege Management message dialog box, as shown here.

 

When creating a message, keep the following in mind:

  • An Allow message template must be used.
  • Authentication Method must be set to Password Only or Any.
  • The message cannot be combined with any other message types.

When TouchID is not activated or available on the user's machine, then the user is presented with a message to enter their password.

Activate TouchID Authentication

Update the defendpointd.plist:

<key>BiometricAuthenticationEnabled</key>
<true/>

Change the value to false to turn off the feature.