Biometric authentication

This topic describes how to add support for biometric authentication.

Fingerprint biometric authentication

The fingerprint option is available if there is no password quality installed.

• If the user selects one of the password options, the password quality works on the lock screen password.
• If the user selects the fingerprint option (with IT admin approval), the password quality works on the alternative authentication of the fingerprint.

An admin can enable or disable the fingerprint option without user interaction. The user and third-party apps cannot enable the fingerprint option setting once it is disabled.

The use of this API requires the com.samsung.android.knox.permission.KNOX_SECURITY permission.

1. Create the EnterpriseDeviceManager object.

2. check whether the fingerprint option is enabled

   EnterpriseDeviceManager edm = EnterpriseDeviceManager.getInstance(context);
   PasswordPolicy passwordPolicy = edm.getPasswordPolicy();
   
   // enable the fingerprint option
   passwordPolicy.setBiometricAuthenticationEnabled(BIOMETRIC_AUTHENTICATION_FINGERPRINT | BIOMETRIC_AUTHENTICATION_IRIS, true);
   

You can also check whether the biometric authentication option on the list of lockscreen password options is enabled or not, and take appropriate action based on enterprise policy.

EnterpriseDeviceManager edm = EnterpriseDeviceManager.getInstance(context);
PasswordPolicy passwordPolicy = edm.getPasswordPolicy();
// check whether the fingerprint option is enabled
passwordPolicy.isBiometricAuthenticationEnabled(BIOMETRIC_AUTHENTICATION_FINGERPRINT);

Iris biometric authentication

You can also control Iris authentication with setBiometricAuthenticationEnabled and PasswordPolicy.

The method parameters is as follows:

passwordPolicy.isBiometricAuthenticationEnabled(BIOMETRIC_AUTHENTICATION_FINGERPRINT);