Apple Watch No Longer Able to Authenticate

Previously, my unlocked Apple Watch enabled me to authenticate in lieu of using the Duo Mobile app on my iPhone.

Now I receive the following series of prompts from my Duo Mobile watch app:

Are you logging in to [Corporate SSO]
Continue / Dismiss
Next Option
Touch ID Required
Please open Duo Mobile on your iPhone to view this request

Questions:

  • Was this as a result of a change to default app behavior?
  • Is there any point to keeping the Apple Watch app?

Hi @pm-user ,

This is likely due to your Duo Admin enabling a policy that requires Mobile Device Biometrics on this application (or all of your corporate Duo-protected applications): Duo Administration - Policy & Control | Duo Security. TouchID can only be performed from the iPhone itself and not the Apple Watch:

Requiring biometric verification changes the Duo Push workflow. Users may no longer approve an authentication request from the app notification. Tapping the Duo notification opens the Duo Mobile app. After you tap “Approve” on the authentication request, scan your enrolled finger at the Touch ID or Android PIN prompt or perform Face ID verification to confirm the authentication approval. If you are unable to authenticate with a biometric factor you can fall back to your device’s passcode

Please contact the IT Help Desk/Admin that manages your company’s Duo instance for more information.

Hope this helps!