IBM MaaS360

  • 1.  Reset Password Token issue

    Posted Mon August 24, 2020 09:55 AM
    This is an issue that occurs when we enroll devices with Android Enterprise.

    Behavior: When we try to enroll an Android device, it gets stuck at the RESET PASSWORD TOKEN screen for a long time, 30 minutes or more, and continuously shows processing on this Reset Password Token screen. Please check the attached screenshot.

    And if we try to access the secure MaaS360 app, it redirects us again to the same screen, and due to this the enrollment is not getting completed.

    We have also observed that this specifically happens when the fingerprint is enabled on the device.

    We have been facing this issue for a long time; we tried it 6 months back, but the situation is the same. I don't have any idea whether it's something related to the security policy's passcode-related settings or if it's a bug.



    ------------------------------
    Ankit Teekariya
    ------------------------------


  • 2.  RE: Reset Password Token issue

    Posted Tue August 25, 2020 11:07 PM

    Hi Ankit,

    Can you give me a little more information about this issue:

    Does this happen on just a single device or many devices?

    Across a single OEM or many?

    Do the results vary on different networks?



    ------------------------------
    Matt Shaver
    System Architect
    IBM
    mshaver@us.ibm.com
    ------------------------------



  • 3.  RE: Reset Password Token issue

    Posted Wed August 26, 2020 03:51 AM
    Hi Matt,

    Please find the response to your queries:

    Is this in Android Enterprise DO or PO mode?

    Tried with PO mode only; not tried with DO mode.

    Does this happen with just a single device or many devices?

    We have tried this on different devices but are facing the same issue; it only works fine when we do not have fingerprint enabled on the device.

    Across a single OEM or many?

    Checked with Mi devices, but I don't remember our experience with OnePlus device enrollment. I will also try with a different OEM.

    Do the results vary on different networks?

    No, it's not.






    ------------------------------
    Ankit Teekariya
    ------------------------------



  • 4.  RE: Reset Password Token issue

    Posted Wed August 26, 2020 12:40 AM

    Hi Ankit,

    Is this in Android Enterprise DO or PO mode?

    Android OS itself has a bug where fingerprint/iris/face recognition authentication modes do not work below Android Q.

    In that case, Pattern/PIN/Password MUST be used. Using a fingerprint auth will lead to a looping behaviour with no progress.

    If you are using the latest version of the MaaS360 app (v7.10) there should be a warning/info text on the same.

    Can you try using a Pattern/PIN/Password auth mechanism and let us know if it solves the problem?



    ------------------------------
    Anish Kothari
    Software Developer - Android,
    IBM MaaS360
    ------------------------------



  • 5.  RE: Reset Password Token issue

    Posted Wed August 26, 2020 08:57 AM
    Hi Anish,

    This is in PO mode; not tried with DO mode.

    OK, mine is an Android 9 PKQ1 (MIUI Global 11.0.3) Mi device.

    Yes, that's our observation also: when the device has fingerprint authentication enabled and we try to enroll, it goes into the loop with no progress (it was in the loop for around 2 hrs or more).

    Yes, we have the latest MaaS360 app (v7.10). We received a warning to reset credentials, but when we click on it, I think it again comes to Reset Password Token and goes into the loop.

    We tried using PIN/Pattern only, where we haven't faced this issue.

    Suppose a company has thousands of users with their personal devices which have to be enrolled in MaaS360, and those users have enabled fingerprint device authentication. Will it be mandatory for them to switch to PIN or Pattern authentication only for the enrollment purpose?

    Will they agree with us and sacrifice their user experience for a while with their PO devices because this is an Android bug?!





    ------------------------------
    Ankit Teekariya
    ------------------------------



  • 6.  RE: Reset Password Token issue

    Posted Thu August 27, 2020 02:33 AM
    Edited by Anish Kothari Thu August 27, 2020 02:34 AM

    Hi Ankit,

    Yes, so it is an Android problem which Google fixed only in Android Q+.

    The screen shown to confirm credentials will not have any fingerprint/iris/face recognition from Android Q and above.

    Coming to devices with Android M to Android P, during enrollment when the credentials are asked, there should be a warning text on the screen.

    "Please enter device passcode to authenticate. IMPORTANT: DO NOT USE biometrics such as fingerprint/Iris/face."

    Do you not see this on the authentication screen?

    This is not a part of MaaS360 but is shown by the Android OS itself, so unless the OEMs have messed around with it, you should be able to see these instructions.

    Also, there is no need for users to move away from Fingerprint or any biometric auth mechanisms for personal usage.

    Whenever a user enrolls a fingerprint, they are asked to also have a backup PIN/Pattern/Password on all devices. This same PIN/Pattern/Password must be entered during enrollment and it will be successful. So there's no question of sacrificing convenience. It is a one-time task.

    Due to it being an Android OS problem, nothing more can be done except instructing users to not use biometric auth modes during enrollment on devices below Android Q.



    ------------------------------
    Anish Kothari
    Software Developer - Android,
    IBM MaaS360
    ------------------------------