Our managers want to avoid the scenario where users don't configure automatic lock of their mobile phones. They are worried about users leaving unprotected phones with the Authenticate app open and showing tokencodes.
I've been trying the option "Require PIN or Device Biometrics to view the Authenticate Tokencodehttps://access-eu.securid.com/AdminInterface/customer/281/" in the configuration and it works but... for the first time only. You open the app and are required to write a PIN or use the device biometrics to see the tokencode. But once you've done that, the app continues showing tokencodes, when I was expecting it to lock again when the tokencode shown expires. Is this the expected behaviour?
The other option would be to remove altogether the option to authenticate with tokencodes, but as far as I know is the authentication method needed for first time users, to be able to create a PIN for the Approve method. Is that right?