Show TOC

Defining Client Password PolicyLocate this document in the navigation structure

(Not applicable to Agentry and Mobiliser) Define the client password policy used to unlock the DataVault, for the selected application. The application developer must have added enforcement code to the application DataVault to enforce the policy. The administrator enters the application password policy used to unlock the DataVault during application initialization.


The client password policy applies only to the application password used to unlock the DataVault during application initialization, and has nothing to do with SAP Mobile Platform security profiles, or the back-end security systems with which they integrate. Password policies for back-end security systems are administered by customer information technology departments using their native security administration tools.


  1. In Management Cockpit, select Start of the navigation path Applications Next navigation step Client Policy End of the navigation path.
  2. Under Client Password Policy, click Enable Password Policy to edit fields.
  3. Enter values:
    Property Default Description
    Expiration Days 0 The number of days a password is valid before it expires.
    Minimum Length 8 The minimum password length required.
    Retry Limit 20 The number of retries allowed when entering an incorrect password. After this number of retries, the client is locked out, and the DataVault and all its contents is permanently deleted, rendering the application permanently unusable and all encrypted application data un-accessible permanently.
    Minimum Unique Characters 0 The minimum number of unique characters required in the password.
    Lock Timeout 0 The length of time in seconds that the DataVault may remain unlocked within the application, while the application remains inactive. Once this time passes, the user must re-enter their default password to continue using the application (similar to a screen-saver feature).

    If the application implements the SAP Mobile Platform Mobile SDK, the Mobile SDK interprets the Lock Timeout from the Data Vault Password Policy differently than described here. See SAP Mobile Platform SDK > Native OData App Development > iOS Applications > Developing with MAF Login for iOS > Customizing the Logon UI > Logon Screen Configuration Options > Data Vault Life Cycle (the section: Handling Timeout with MAF Logon Components). Work with the application developer if appropriate.

    Password Properties:

    See below Required password policies.

    Default Password Allowed

    Disabled Indicates whether a default password can be generated by the DataVault; from the user's point of view this policy turns off the password.
    Has Digits Disabled Indicates whether the password must include digits.
    Has Lower Disabled Indicates whether the password must include lower case letters.
    Has Upper Disabled Indicates whether the password must include upper case letters.
    Has Special Disabled Indicates whether the password must include special characters.
  4. Click Save to save the settings.