Secure apps passcode management
Typically, you configure AppConnect to require the device user to use a secure apps passcode to use secure apps. The device user creates and uses a secure apps passcode as follows:
| • | Creating a secure apps passcode |
| • | Creating a more complex secure apps passcode |
| • | Logging in with the secure apps passcode |
| • | Logging out or resetting passcode for secure apps |
| • | Secure apps passcode management |
| • | Resetting the secure apps passcode - administrator initiated |
| • | Secure apps passcode management |
Creating a secure apps passcode
When you have configured a device so that a secure apps passcode is required, Mobile@Work prompts the device user to create a secure apps passcode the first time the user launches any secure app.
Figure 1. Secure apps password prompt
Device users can also create a secure apps password in Mobile@Work without first having to launch a secure app.
Procedure
- Launch Mobile@Work.
-
Go to Settings > Secure Apps > Authentication.
Figure 2. Log in for secure apps passcode
-
Tap Log In.
Figure 3. Enter new passcode
- Enter a passcode according to the specified instructions.
-
Tap Done.
Figure 4. RE-enter the new passcode
- Tap Done and Done again.
Creating a more complex secure apps passcode
Mobile@Work chooses which keyboard to display for entering a secure apps passcode based on the passcode requirements in the AppConnect global policy. For example, on an iPhone, when the AppConnect global policy requires a numeric passcode, Mobile@Work displays a numeric keypad. However, Mobile@Work gives the device user the option to enter a more complex secure apps passcode. Some users may want to choose to exceed the secure apps passcode requirements because:
| • | they value stronger security against guessing and brute force attacks |
| • | they do not mind the reduced convenience of entering a more complex passcode. |
If the secure apps passcode requirements in the AppConnect global policy are 4 numeric digits, Mobile@Work displays the following:
Figure 5. Numeric passcode requirement
Mobile@Work presents a QWERTY keyboard when you tap Create more complex passcode.
Figure 6. Alpha numeric passcode requirement
The device user uses this screen to create a secure apps passcode that is more complex than required by the AppConnect global policy.
The device user has the option to create a more complex passcode when:
| • | Creating the secure apps passcode for the first time. |
| • | Changing the secure apps passcode. |
| • | After tapping Forgot Passcode and reentering their user name and password for MobileIron Core. |
| • | After exceeding the maximum number of failed passcode attempts and reentering their user name and password for MobileIron Core. |
| NOTE: | The last two options involve self-service secure apps passcode recovery, which is available only if you select Allow iOS users to recover their passcode on the AppConnect global policy. |
Logging in with the secure apps passcode
After a period of time in which the device user uses no secure apps, Mobile@Work automatically logs the device user out of secure apps. When the user once again launches a secure app or taps Log In in Mobile@Work, Mobile@Work prompts the user to log in with the secure apps passcode:
The device user does the following:
| 1. | Enters the secure apps passcode. |
| 2. | Taps Done. |
The device user can now continue with the secure app.
Logging out or resetting passcode for secure apps
The device user can log out of secure apps or reset the secure passcode. Logging out is useful, for example, if the user is lending the mobile device to a family member for a few minutes.
| NOTE: | The user is automatically logged out after a period of inactivity. |
To log out of secure apps or reset the secure apps passcode, in Mobile@Work go to Settings > Secure Apps > Authentication.
Figure 7. Secure apps log out or change passcode
Mobile@Work prompts the device user for the secure apps passcode the next time the user launches a secure app or taps Log In in Mobile@Work.
Resetting the secure apps passcode - administrator initiated
You can change the secure apps passcode requirements on MobileIron Core by modifying the AppConnect global policy. When Mobile@Work checks in with Core, Mobile@Work prompts the device user as follows:
Figure 8. Reset passcode prompt
Tap OK and follow the prompts to reset the passcode.
When the device user exceeds the maximum number of attempts
The maximum number of attempts to correctly enter the secure apps passcode is configurable. If it is greater than 5, after the device user makes five attempts to correctly enter the secure apps passcode, Mobile@Work displays the following:
Figure 9. Secure apps is disabled
After the maximum number of failed attempts, the device user must enter their Core credentials and then create a new AppConnect passcode. If the maximum is greater than 5, after the 5th attempt, the user can attempt to reenter the secure apps passcode only after waiting progressively longer time periods. Specifically, after the 5th, 6th, 7th, 8th, and 9th attempts, the user must wait 1, 5, 15, 60, and 60 minutes respectively.