Administrator

Defining Client Password Policy

(Not applicable to Agentry and Mobiliser) Define the client password policy that is used to unlock the DataVault for the selected application.

Context

The application developer must have added enforcement code to the application DataVault to enforce the password policy. The administrator enters the application password policy used to unlock the DataVault during application initialization.

The client password policy applies only to the application password that is used to unlock the DataVault during application initialization; it has nothing to do with SAP Mobile Platform security profiles, or the back-end security systems with which they integrate. Password policies for back-end security systems are administered by customer information technology departments using their native security administration tools.

Procedure

  1. In Management Cockpit, select Applications.
  2. For an application, select Start of the navigation path  Next navigation step Configure Next navigation step Client Policies End of the navigation path.
  3. Under Passcode Policy, select Enable Passcode Policy and configure the policy properties:
    Property Default Description
    Expiration Days 0 The number of days a password is valid before it expires.
    Minimum Length 8 The minimum password length required.
    Retry Limit 10 The number of retries allowed when entering an incorrect password. After this number of retries, the client is locked out, and the DataVault and all its contents are permanently deleted, the application is permanently unusable, and its encrypted data is inaccessible.
    Minimum Unique Characters 0 The minimum number of unique characters required in the password.
    Lock Timeout 300 The number of seconds the DataVault may remain unlocked within the application, while the application remains inactive. Once this time passes, the user must re-enter their password to continue using the application (similar to a screen-saver feature).

    Default Passcode Allowed

    Disabled Indicates whether a default password can be generated by the DataVault; from the user's point of view this policy turns off the password.
    Has Digits Disabled Indicates whether the password must include digits.
    Has Lower Disabled Indicates whether the password must include lower case letters.
    Has Upper Disabled Indicates whether the password must include upper case letters.
    Has Special Disabled Indicates whether the password must include special characters.
    Fingerprint Allowed Disabled Indicates whether you can unlock the application with a fingerprint.
  4. Click Save.