When implementing TouchID for an enterprise authentication solution, there are some interesting, non-obvious attack vectors to consider.
For instance, requirements differ between COPE (corporate-owned, personally enabled) and BYOD (bring your own device) deployments.
Depending on the type of deployment and the type of data accessed, the required security may call for a simple TouchID check with no password stored or retrieved, for a password to be stored in the enclave and retrieved from it, or for TouchID to be combined with another factor in a multi-factor authentication solution.
Some drawbacks to the initial TouchID implementation discussed here are still relevant. However, there is now a developer API available, which allows flexibility in implementing a solution for the enterprise.
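The first two options described above, sketched against Apple's LocalAuthentication and Keychain Services APIs. This is an added example, not code from the original page; the service and account names are hypothetical, and the multi-factor option is not shown.

```swift
import Foundation
import LocalAuthentication
import Security

// Hypothetical identifiers for this sketch.
let service = "com.example.enterprise-auth"
let account = "corp-user"

// Option 1: plain biometric check. The app only learns true/false; no secret is stored or released.
func simpleTouchIDCheck(reason: String, completion: @escaping (Bool) -> Void) {
    let context = LAContext()
    guard context.canEvaluatePolicy(.deviceOwnerAuthenticationWithBiometrics, error: nil) else {
        return completion(false)   // no fingerprint enrolled or hardware unavailable
    }
    context.evaluatePolicy(.deviceOwnerAuthenticationWithBiometrics,
                           localizedReason: reason) { success, _ in completion(success) }
}

// Option 2: store the password so the system releases it only after a biometric match.
func storePassword(_ password: String) -> OSStatus {
    guard let acl = SecAccessControlCreateWithFlags(
        nil,
        kSecAttrAccessibleWhenPasscodeSetThisDeviceOnly, // stays on this device, needs a passcode
        .biometryCurrentSet,                             // invalidated if enrolled fingerprints change
        nil) else { return errSecParam }
    let base: [String: Any] = [kSecClass as String: kSecClassGenericPassword,
                               kSecAttrService as String: service,
                               kSecAttrAccount as String: account]
    SecItemDelete(base as CFDictionary)   // replace any earlier item
    var add = base
    add[kSecAttrAccessControl as String] = acl
    add[kSecValueData as String] = Data(password.utf8)
    return SecItemAdd(add as CFDictionary, nil)
}

// Reading the item triggers the biometric prompt; call this off the main thread.
func retrievePassword(reason: String) -> String? {
    let context = LAContext()
    context.localizedReason = reason
    let query: [String: Any] = [kSecClass as String: kSecClassGenericPassword,
                                kSecAttrService as String: service,
                                kSecAttrAccount as String: account,
                                kSecReturnData as String: true,
                                kSecUseAuthenticationContext as String: context]
    var item: CFTypeRef?
    guard SecItemCopyMatching(query as CFDictionary, &item) == errSecSuccess,
          let data = item as? Data else { return nil }
    return String(data: data, encoding: .utf8)
}
```

In option 1 the decision is a Boolean handled by application code, while in option 2 the operating system withholds the stored password until the biometric match succeeds.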