Authentication (iOS)

The Authentication configuration enables you to set minimum requirements for password-based user authentication on a device. You can apply this configuration when:

Note: On iOS devices enrolled with user enrollment add devices rules, you are limited in the extent to which you can apply password complexity policies. These devices will ignore the following policies (and the profile configuration will not be installed):
  • Mandatory password/PIN length shorter or longer than 6 characters
  • Allow repeating, ascending, and descending values in password
  • Enforce Complex Passwords by Including the Following
  • Minimal Number of Non-Alphanumeric Characters Allowed
  • Password Expiry
  • Number of Unique Passwords Before Reuse
  • Maximum Number of Failed Password Attempts Before Device Wipe

Complexity Requirements

Repeating, Ascending, and Descending Values in Password Lets the user create a password that has repeating, ascending, and descending values, such as 1234 or 1111.
Minimum Password Length Select the minimum number of characters a password must have.
Enforce Complex Passwords by Including the Following Select this option to set the level of password complexity you want to enforce.

History

Password Expiry Select this option to enable password expiry.
Expire Password in Enter the number of days before the password expires.
Unique Password Before Reuse Select this option to set the number of unique passwords before reusing an old one.
Number of Unique Passwords Before Reuse Enter the number of unique passwords before reusing an old password.

Enforcement

You can set conditions for locking or wiping the device on the Enforcement tab.

Inactivity Before Screen Lock Specify the number of minutes of inactivity on the device before the screen becomes locked, forcing the user to reenter their password to gain access.
Note: A value of zero indicates that there is no limit.
Maximum Duration of Screen Lock Before Passcode is Required Specify how long the device remains locked before the user must reenter their password.
Failed Password Attempts Specify the limit of failed attempts to unlock the device before it automatically resets and deletes all data.