8 of 8Image
Enterprise Single Sign-On
Nobody likes entering passwords, and it's all that much worse typing them on glass on a tiny phone. With Enterprise single sign-on, IT can allow users to enter one set of enterprise credentials and be authenticated for any app.
Previous versions of iOS allowed this for all apps by the same vendor, but in iOS 7 any app by any vendor can be included.
IT can also specify a set of URL prefixes to be included for single sign-on. If the user visits any site that starts with the prefix (e.g. http://www.zdnet.com/topic-apple/), iOS will send the credentials to the server.
Biometrics - Touch ID
There have been attempts at biometrics in mobile devices before, but they were never easy to use, reliable and mass-market. It figured that Apple would be the first to do this.
Touch ID is a fingerprint sensor, so far only on the iPhone 5S, built into the Home button. It handles biometric authentication and authorization and returns a simple yes or no to iOS 7.
There's definitely some question as to how secure Touch ID can be. It may not be secure enough for an enterprise. It's also important to note that Touch ID is not two-factor authentication (2FA). You can use a passcode or the fingerprint, but you can't require both. The goal of 2FA, from one perspective, is to make it harder to log in, and Apple isn't interested in that.
But it's more complicated than that. Touch ID users have to have a passcode as a backup, and if the device is rebooted or hasn't been unlocked in 48 hours the passcode is required. This may make it practical for IT to require very secure passcodes, perhaps 7 or more characters, while still making it easy to access the device on a regular basis.