Biometric Authentication on Android
Beginning with Nomad for Android 1.0.16, you can enable Biometric Authentication for your Notes ID. This feature allows users to unlock their Notes ID with a biometric supported on the device, like fingerprint or face.
Once enabled, subsequent launches of HCL Nomad invoke a biometric prompt. If the user is authenticated, then the Notes ID is unlocked. If the user’s biometric cannot be authenticated, the user is prompted to provide their device credentials instead. The device credentials (pin, password or pattern) are required to setup the Lock Screen on Android and add biometrics for authentication.
Enabling Biometric Authentication
Biometric authentication can be enabled during initial setup or during subsequent launches of the application.
The Notes ID prompt now includes the following option:
- Enable Biometric
When you are prompted for your Notes ID password, input your Notes ID password and tap Enable Biometric.
HCL Nomad verifies your password, then prompts you to authenticate with your fingerprint or face depending on the Lock Screen setup. Your Notes ID is then enabled for Biometric Authentication.Requirements
- The Screen Lock must be set on the device.
- At least one biometric that meets Android’s security specifications and has a “strong” rating must be enabled on the device. Otherwise, the Enable Biometric option does not appear.
Considerations
- If all biometrics are removed after a Notes ID is enabled with Biometric Authentication, then HCL Nomad prompts the user for the device credentials instead.
- If the Screen Lock is removed after a Notes ID is enabled with Biometric Authentication, then HCL Nomad will revert to password protected Notes ID.
- Notes IDs that are protected with Biometric Authentication do not ID Sync
with Domino server 11.x and earlier. Domino server version 12 supports the
ID sync of Notes IDs enabled for Biometric Authentication.
ID Sync affects the administrator’s ability to sync a key rollover or a rename of a user to a user’s Notes ID. As a workaround, if an administrator performs one of these operations and the ID vaulted Domino server does not support Biometric Authentication, then the user can reinstall HCL Nomad to pick up the new ID changes from the ID Vault.
- HCL Nomad does not support the use of Notes ID password for users with server-side password checking enabled and multiple Notes based clients. Biometric Authentication can be enabled for users with NSL enabled via policy to allow for continued use of HCL Nomad. For more information, see this article.
- Android 10 and earlier only supports fingerprint authentication.
- HCL Nomad mobile clients do not support Notes Shared Login (NSL), as this feature is a Windows only feature. However, Biometric Authentication is similar to NSL as both features do not have an explicit Notes ID password enabled on the client's Notes ID.
- An administrator can disable Biometric Authentication from the management console, this will revert existing users to password protected Notes ID.
Management
Biometric Authentication can be managed by the setting enableBiometricSetup, which is available in the MDM AppConfig settings. When enabled, the user has the option to enable Biometric Authentication.
For more on managing via MDM, see Managing HCL Nomad via an MDM provider (mobile) in the Administrator documentation.
For more on managing via Marvel Client, see HCL Nomad and panagenda MarvelClient.