Topic

This article explains how Everbridge currently handles biometric authentication (such as Face ID, Touch ID, or other device biometrics) in the ManageBridge mobile app, specifically in relation to what counts as a login, how the Last Login Date is updated, and what is or is not captured in audit logs.

It is intended for Everbridge Suite / ManageBridge administrators, security and compliance teams performing access reviews, and support engineers who need to explain why biometric usage in ManageBridge does not appear as logins or in audit logs.

Description

What Counts as a Login for Last Login Date

Everbridge updates a user’s Last Login Date when the user performs a full authentication with credentials. This includes:

• Logging in to the Everbridge Manager Portal with username and password, or via supported SSO.

• Logging in to the ManageBridge app using username/password or supported SSO.

Once a user has successfully logged in to ManageBridge and remains authenticated, this authenticated state is maintained using token-based authentication. In this model, tokens are refreshed rather than creating new login entries, and only the initial login typically appears in the Event Log. Subsequent token refreshes do not generally produce additional login events.

Biometric Unlock Behavior in ManageBridge

On supported devices, users can enable biometrics (for example, Face ID or Touch ID) in ManageBridge so that, after an initial successful login, they can reopen the app using biometrics instead of re-entering their username and password or going through SSO again.

The key design points are:

• Biometric authentication is used locally on the device to unlock an existing authenticated session in ManageBridge.

• Biometric unlock is not treated as a new login event by Everbridge.

• Biometric unlock does not update the user’s Last Login Date in the Manager portal UI.

• Biometric unlock is not logged as a separate entry in the Everbridge audit log.

This behavior applies to Face ID, fingerprint authentication, and other supported device biometrics.

Engineering has confirmed that biometric unlocking of the ManageBridge app is deliberately not treated as a login, and there is currently no plan to change this behavior so that biometric unlocks update Last Login Date or appear in audit logs.

Impact on Last Login Date and Security Reviews

This design has important implications for customers who rely on Last Login Date and audit data for access reviews and compliance.

• Users who primarily access Everbridge through the ManageBridge app using biometrics may appear to have an old Last Login Date (sometimes months in the past), even though they actively use the app.

• Audit reports or user-access reports based solely on Last Login Date may under-report actual usage for users who rely on biometrics in ManageBridge.

• This is expected behavior and not a defect in the Last Login Date field or the audit log.

Because biometric unlocks do not count as logins:

• Users may still be subject to access removal, deactivation, or other cleanup actions if your policies depend on a maximum age for Last Login Date and those users have not performed a recent full login.

• Biometric logins will not prevent access from being removed during annual security reviews that use Last Login Date as the primary indicator of activity.

Guidance for Administrators and Security Teams

Using Last Login for Access Reviews

If your organization uses Last Login Date in the Manager portal as a primary indicator of whether an account is “stale” (for example, disabling any user who has not logged in for a defined period such as 12 months), you should account for the limitations caused by biometric unlock behavior:

• Recognize that users who rely on biometrics in ManageBridge may show an old Last Login Date even while actively accessing the app.

• Adjust internal policies or review criteria so that biometric-heavy usage patterns do not cause you to incorrectly classify active users as inactive.

Process-Level Compensating Controls

While Everbridge does not currently provide a configuration option to change biometric logging behavior, organizations can adopt process-level controls to supplement Last Login Date:

• Require periodic full logins for critical roles.
  For example, instruct key users (such as approvers, general managers, or incident commanders) to perform a full username/password or SSO login via the Manager Portal or ManageBridge at least once per defined period. This ensures Last Login Date continues to reflect ongoing access.

• Use other evidence of activity.
  Where available, use notification sending history, incident activity, or other operational logs as additional evidence of user activity for access reviews, especially when Last Login appears old for heavy ManageBridge users.

• Combine Last Login with HR and role data.
  Avoid relying solely on Last Login Date to determine whether someone is still employed, active in their role, or should retain Everbridge access.

Positioning and Expectations for Support

Support engineers responding to questions about ManageBridge and biometric authentication should consistently communicate the following points:

• Biometric unlocking of the ManageBridge app is not treated as a login. This is a deliberate design choice confirmed by engineering.

• Last Login Date reflects full authentication events (for example, username/password or SSO), not local device-level biometric unlocks.

• Biometric unlocks are not recorded in the audit log, and there is no current plan to change this behavior.

• If customers rely on Last Login Date for annual recertification or other access reviews, they should consider whether their processes need adjustment to account for ManageBridge biometric usage.

When appropriate, Support can also direct customers to related internal or external articles that explain broader Last Login behavior, ManageBridge login and SSO patterns, or Everbridge audit/logging overviews, to provide additional context.