Secure apps passcode management

Typically, you configure AppConnect to require the device user to use a secure apps passcode to use secure apps. The device user creates and uses a secure apps passcode as follows:

Creating a secure apps passcode

If a secure apps passcode is required, [email protected] prompts device users to create a secure apps passcode when they:

  • Access secure apps for the first time or

  • Tap Log In (to secure apps) on the [email protected] home screen

    Figure 1. Secure apps password prompt

Device users can also create a secure apps password in [email protected] without first having to launch a secure app.

Procedure 

  1. Launch [email protected]

    Figure 2. Enter new passcode

  2. Enter a passcode according to the specified instructions.
  3. Tap Done.

    Figure 3. RE-enter the new passcode

  4. Tap Done and Done again.

Creating a more complex secure apps passcode

[email protected] chooses which keyboard to display for entering a secure apps passcode based on the passcode requirements in the AppConnect global policy. For example, on an iPhone, when the AppConnect global policy requires a numeric passcode, [email protected] displays a numeric keypad. However, [email protected] gives the device user the option to enter a more complex secure apps passcode. Some users may want to choose to exceed the secure apps passcode requirements because:

  • they value stronger security against guessing and brute force attacks

  • they do not mind the reduced convenience of entering a more complex passcode.

If the secure apps passcode requirements in the AppConnect global policy are 4 numeric digits, [email protected] displays the following:

Figure 4. Numeric passcode requirement

[email protected] presents a QWERTY keyboard when you tap Create more complex passcode.

Figure 5. Alpha numeric passcode requirement

The device user uses this screen to create a secure apps passcode that is more complex than required by the AppConnect global policy.

The device user has the option to create a more complex passcode when:

  • Creating the secure apps passcode for the first time.

  • Changing the secure apps passcode.

  • After tapping Forgot Passcode and reentering their user name and password for MobileIron Core.

  • After exceeding the maximum number of failed passcode attempts and reentering their user name and password for MobileIron Core.

The last two options involve self-service secure apps passcode recovery, which is available only if you select Allow iOS users to recover their passcode on the AppConnect global policy.

Logging in with the secure apps passcode

After a period of time in which the device user uses no secure apps, [email protected] automatically logs the device user out of secure apps. When the user once again launches a secure app or taps Log In in [email protected], [email protected] prompts the user to log in with the secure apps passcode:

The device user does the following:

  1. Enters the secure apps passcode.

  2. Taps Done.

The device user can now continue with the secure app.

Logging out or resetting passcode for secure apps

The device user can log out of secure apps or reset the secure passcode. Logging out is useful, for example, if the user is lending the mobile device to a family member for a few minutes.

The user is automatically logged out after a period of inactivity.

To log out of secure apps or reset the secure apps passcode, in [email protected] go to Settings > Secure Apps > Authentication.

Figure 6. Secure apps log out or change passcode

[email protected] prompts the device user for the secure apps passcode the next time the user launches a secure app or taps Log In in [email protected]

Resetting the secure apps passcode - administrator initiated

You can change the secure apps passcode requirements on MobileIron Core by modifying the AppConnect global policy. When [email protected] checks in with Core, [email protected] prompts the device user as follows:

Figure 7. Reset passcode prompt

Tap OK and follow the prompts to reset the passcode.