Touch ID on macOS

Overview

This article shows how two-factor enrolment works for an end user on a Mac with Touch ID. We assume that the user is logging in to Jira with password authentication as the primary factor. Users logging in with SAML or Kerberos on other Atlassian applications can expect a very similar user experience.

The examples shown here assume that an administrator has already added a multifactor policy which requires users to enrol in extra verification. The details of how policies may be configured are out of scope for this article.

Enrolment

When macOS users are required to enrol in extra verification, they see a screen informing them that enrolment is required. Users get to choose which kind of second factor to register:

  • macOS Touch ID, a platform authenticator in FIDO terminology
  • A security key, typically attached to their device via USB or NFC
  • A legacy security key which does not support user verification with PIN or fingerprint
  • A one-time code app on their phone
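The three FIDO-based choices above differ in where the authenticator lives and in whether it performs user verification. The following is an added example, not the product's own code: it sketches how a WebAuthn relying party could express each choice as `authenticatorSelection` and then check the flags byte of the returned authenticator data. The names `ENROLMENT_CHOICES`, `creationSelection`, `parseAuthenticatorData`, `registrationAcceptable` and `sampleAuthData` are hypothetical, the sample data is constructed, and the one-time code app is left out because it does not use WebAuthn.

```javascript
// Added example: all names below are hypothetical, not the product's API.
// WebAuthn authenticator data layout:
// rpIdHash (32 bytes) | flags (1 byte) | signCount (4 bytes, big-endian) | ...
const FLAG_UP = 0x01; // user present (touch)
const FLAG_UV = 0x04; // user verified (fingerprint or PIN)

// authenticatorSelection a relying party could send for each enrolment choice.
const ENROLMENT_CHOICES = {
  "touch-id":     { authenticatorAttachment: "platform",       userVerification: "required" },
  "security-key": { authenticatorAttachment: "cross-platform", userVerification: "required" },
  "legacy-key":   { authenticatorAttachment: "cross-platform", userVerification: "discouraged" },
};

function creationSelection(choice) {
  const sel = ENROLMENT_CHOICES[choice];
  if (!sel) throw new Error(`not a WebAuthn enrolment choice: ${choice}`);
  return { ...sel };
}

function parseAuthenticatorData(bytes) {
  if (!(bytes instanceof Uint8Array) || bytes.length < 37) {
    throw new Error("authenticator data must be at least 37 bytes");
  }
  const flags = bytes[32];
  const signCount = new DataView(bytes.buffer, bytes.byteOffset + 33, 4).getUint32(0);
  return { userPresent: (flags & FLAG_UP) !== 0, userVerified: (flags & FLAG_UV) !== 0, signCount };
}

// Server-side check: reject a registration whose flags do not match the choice.
function registrationAcceptable(choice, authData) {
  const { userVerification } = creationSelection(choice);
  const { userPresent, userVerified } = parseAuthenticatorData(authData);
  if (!userPresent) return false;
  return userVerification === "required" ? userVerified : true;
}

// Constructed sample data: zeroed rpIdHash, chosen flags, signCount = 1.
function sampleAuthData(flags) {
  const data = new Uint8Array(37);
  data[32] = flags;
  data[36] = 1;
  return data;
}

console.log(registrationAcceptable("touch-id", sampleAuthData(FLAG_UP | FLAG_UV))); // true
console.log(registrationAcceptable("touch-id", sampleAuthData(FLAG_UP)));           // false
console.log(registrationAcceptable("legacy-key", sampleAuthData(FLAG_UP)));         // true
```

The flag check is only one part of registration: a relying party also verifies the challenge, origin, RP ID hash and attestation before storing the credential.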

The user chooses to set up extra verification using Touch ID.

After selecting Touch ID, the standard macOS approval dialog appears:


The user then touches the Touch ID fingerprint reader to continue their registration:

Naming the registration

After registering Touch ID, the user is asked to give their registration a name. This makes it easier to remember later which device was registered.

Use case summary

The final step in the registration process lists the different ways the user may use Touch ID as an additional verification factor:

Once this step is completed, the enrolment of the extra verification factor is complete, and the user can get back to work.

See it in action

See how enrolment works from an end user perspective on a Mac with Touch ID.
