Authentication (Android Enterprise Work Profile)
The Authentication configuration enables you to set minimum requirements for password-based user authentication on a device. You can apply this configuration when:
Device Administrator Password
Use this section to add an administrator password to the device. You must configure an administrator password before using the various security features of SOTI MobiControl. The administrator password disables security feature such as lockdown and application run control, providing unrestricted access to the device.
| Configure features supported for AMAPI devices only | If enabled, allows configuration of features supported for AMAPI-enrolled devices only. Once the profile configuration is assigned to a device, the user cannot change this option while editing the profile. |
| Password | Enter an administrator password for the device that disables security features such as lockdown or application run control. |
| Revert to User Mode | If enabled, allows reverting from Android Agent mode to User
mode after a defined timeout interval in minutes. Use the slider
to define a timeout interval in the 5–120 minute range. The
default value is 30 minutes.
|
| Restrict Administrator Password Attempts | If enabled, this restricts the number of password attempts a
user can make for an administrator account before enforcing a
lockout. Set the number of incorrect password attempts that can
be made before enforcing a temporary lockout of the account.
Specify the duration of the account lockout after the maximum
password attempts have been reached.
|
-
Use Device to apply authentication settings to an entire device.
-
Use Work Profile to apply authentication settings to only the Work Profile part of the device.
If you are applying a user password policy to a work profile on an Android Enterprise device, in the Work Profile tab, enable the Enforce Work Profile Password Policy toggle.
Device Password Policy
Choose an option from the drop to determine how the authentication policy applies.
- Allow User to Configure: The device user chooses how to secure the device.
- Disable Lockscreen: Disable all lock screen security settings. This is the same as choosing None as the security type on the device. Setting a password, PIN, or pattern, re-enables the lock screen.
- Enable Password Enforcement: The device user must follow
the requirements as set by this profile configuration.
You must choose Enable Password Enforcement to apply an authentication policy.
Minimum Complexity
| Password Quality | Select the minimum password quality. Password quality options listed are in order of
security strength, from least to most secure. Device users can use
any password type option that is more secure than the selected
minimum.
|
| Password/PIN Length | Set the minimum password or PIN length. |
| Complex Characters | Set the minimum number of complex (non-alphanumeric) characters required. |
History
| Maximum Password Age | Toggle on Maximum Password Age to enter the number of days before prompting a user to enter a new password. |
| Unique Passwords Before Reuse | Toggle on Unique Passwords Before Reuse to select the number of unique passwords a user must set before reusing an earlier password. |
Policy
| Screen Timeout | Toggle on Screen Timeout to set a maximum inactive time before the screen locks. |
| Device Authentication Wipe Policy | Toggle on Device Authentication Wipe Policy to set a maximum limit on entering incorrect passwords before a device is automatically wiped. |
| Strong Authentication Requirement | Enable this option to force device users to regularly enter a strong authentication type (such as a PIN, pattern, or password) to unlock their device. Set an interval (in hours) that specifies how often a device user must use a strong authentication type (such as a PIN, pattern, or password) to unlock their device. |