Application Passcode
SAP Fiori Client allows users to set an application passcode, as required by SAP security standards. When SAP Mobile Platform Server or SAP HCP, mobile service for development and operations is used with SAP Fiori Client, the administrator can modify the passcode policy remotely.
The application passcode is used to derive the encryption keys that encrypt the content of the logon plugin datavault. The passcode is not stored anywhere on the device or server.
Default Passcode Policy
SAP Fiori Client has the following default passcode policy:
- Minimum passcode length: 8 characters
- At least one upper case character required: False
- At least one digit required: False
- At least one special character required: False
- Lock timeout: 5 minutes
- Maximum retries: 7
- Enable Fingerprint Encryption: True
If you build a custom SAP Fiori client, you can define the default passcode policy in the application configuration file (appconfig.js).
When SAP Mobile Platform Server or SAP HCP, mobile service for development and operations is not used, setting the application passcode is optional, and a user can skip it.
If a user forgets the passcode, the user can reset it. Resetting the passcode resets the datavault (and re-registers the user, if SAP Mobile Platform Server or SAP HCP, mobile service for development and operations is used).
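The following added example (not SAP Fiori Client code) illustrates the two statements above: the key is derived from the passcode and nothing about the passcode is stored, so a forgotten passcode can only be handled by resetting the vault. PBKDF2, AES-256-GCM, the function names, and the choice to discard the ciphertext once the retry limit is reached are assumptions made for illustration; the page does not describe the datavault's algorithms or its behavior at the retry limit.

```javascript
// Added illustration, not SAP code. Algorithms and names are assumptions.
const crypto = require('crypto');

const MAX_RETRIES = 7; // "Maximum retries" from the default policy on this page

function deriveKey(passcode, salt) {
  // The key is re-derived from the passcode on every unlock; only the salt persists.
  return crypto.pbkdf2Sync(passcode, salt, 100000, 32, 'sha256');
}

function createVault(passcode, plaintext) {
  const salt = crypto.randomBytes(16);
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', deriveKey(passcode, salt), iv);
  const data = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  // The stored record contains no passcode and no passcode hash.
  return { salt, iv, data, tag: cipher.getAuthTag(), failures: 0, wiped: false };
}

function unlock(vault, passcode) {
  if (vault.wiped) return { ok: false, reason: 'reset-required' };
  const key = deriveKey(passcode, vault.salt);
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, vault.iv);
  decipher.setAuthTag(vault.tag);
  try {
    const text = Buffer.concat([decipher.update(vault.data), decipher.final()]).toString('utf8');
    vault.failures = 0; // a successful unlock clears the retry counter
    return { ok: true, text };
  } catch (err) {
    // A wrong passcode yields a wrong key, so the GCM tag check fails.
    vault.failures += 1;
    if (vault.failures >= MAX_RETRIES) {
      // Assumed behavior at the limit: drop the ciphertext and require a reset.
      vault.data = null;
      vault.wiped = true;
    }
    return { ok: false, reason: vault.wiped ? 'reset-required' : 'wrong-passcode' };
  }
}

// Constructed sample values.
const demoVault = createVault('Sample-Passcode', 'constructed-session-secret');
console.log(unlock(demoVault, 'not-the-passcode').reason);
console.log(unlock(demoVault, 'Sample-Passcode').ok);
```

The passcode is checked only by whether authenticated decryption succeeds, which is why there is no recovery path other than creating a new vault.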
Passcode Policy Definition with SAP Mobile Platform Server or SAP HCP, mobile service for development and operations
If SAP Mobile Platform Server or SAP HCP, mobile service for development and operations is used, the administrator can override the default passcode policy for SAP Fiori Client.