Applies to: Centrify DirectControl Mac Edition 5.4.0 and above
How to disable the use of touchID with Centrify?
At this moment, Centrify does not have Group Policy to control this. (An Enhancement request has been filed and accepted, no ETA at this moment)
However, we can block the use of touchID with the following workarounds:
- Use the “bioutil” command to enable / disable the touchID feature for users:
As Centrify can deploy the defined command by using the following group policy:
Computer Configuration > Centrify Settings > Common UNIX Settings > Specify commands to run group policy
This will configure computer-based policies that run when a computer restarts.
Configure a custom .mobileconfig profile to disable touchID and deploy it via Group Policy (See attachment):
Please install the attached .mobileconfig profile and deploy it through below group policy:
User Configuration > Centrify Settings > Mac OS X Settings > Custom Settings > Install MobileConfig Profiles
As the Group policy will be update within the next update interval or by manually running: