Passcode (macOS Device)
Use the SOTI macOS Passcode profile configuration to set minimum passcode-based user authentication on a device.
Settings
| Setting | Description |
|---|---|
| Require alphanumeric passcode | Require passcodes to include at least one letter and one number. |
| Require complex passcode | Require passcodes to include at least one special character and prohibit repeated or sequential characters (for example '123' or 'CBA'). |
| Change password at login | Force users to change their password at the next login. |
| Minimum special characters | Set the minimum number of special characters in the passcode. A special character is a character other than a number or a letter, such as &, %, $, and #. |
| Minimum length | Set the minimum number of characters a passcode can contain. |
| Maximum passcode age | Set the maximum number of days a passcode can remain unchanged. After this number of days, the system forces the user must change the passcode to unlock the device. |
| Enable maximum failed attempts before lock | Set the maximum number of failed attempts. |
| Reset timeout after max. failed login attempts | Set the number of minutes before the login is reset after the maximum number of failed login attempts. |
| Maximum grace period | Set the maximum grace period, in minutes, to unlock a phone without entering a passcode. In macOS, the system translates this grace period value to screen-saver settings. |
| Enable automatic device lock | Enable to set the maximum idle period (in minutes) that a user can select before the system automatically locks the device. Once this limit is reached, the device locks, and the user must enter the passcode to unlock it. |
| Automatic device lock duration | Set the device automatic lock duration in minutes from 0–60. |
| Passcode reuse limit | Set the number of historical passcode entries the system checks when validating a new passcode. The device refuses a new passcode if it matches a previously used passcode within the specified passcode history range. |
| Force password update | If enabled, after deploying the profile, the device forces a password reset the next time the user tries to authenticate. |
| Use regular expression | Turn this option on to specify a regular expression and
description to enforce password compliance. Important: Requires macOS 14 or
later |
| Passcode regex | Set a regular expression string to match against the password to determine whether it complies with a policy. |
| Add regex description | List the OS language IDs and a localized description for the given language ID. You can specify 'default' as a fallback Language ID in cases where the target device is not using a specified language. |