Secure apps passcode management

Typically, you configure AppConnect to require the device user to use a secure apps passcode to use secure apps. The device user creates and uses a secure apps passcode as follows:

Creating a secure apps passcode

If a secure apps passcode is required, Mobile@Work prompts device users to create a secure apps passcode when they:

  • Access secure apps for the first time or

  • Tap Log In (to secure apps) on the Mobile@Work home screen

    Figure 1. Secure apps password prompt

Device users can also create a secure apps password in Mobile@Work without first having to launch a secure app.

Procedure 

  1. Launch Mobile@Work.

    Figure 2. Enter new passcode

  2. Enter a passcode according to the specified instructions.
  3. Tap Done.

    Figure 3. RE-enter the new passcode

  4. Tap Done and Done again.

Creating a more complex secure apps passcode

Mobile@Work chooses which keyboard to display for entering a secure apps passcode based on the passcode requirements in the AppConnect global policy. For example, on an iPhone, when the AppConnect global policy requires a numeric passcode, Mobile@Work displays a numeric keypad. However, Mobile@Work gives the device user the option to enter a more complex secure apps passcode. Some users may want to choose to exceed the secure apps passcode requirements because:

  • they value stronger security against guessing and brute force attacks

  • they do not mind the reduced convenience of entering a more complex passcode.

If the secure apps passcode requirements in the AppConnect global policy are 4 numeric digits, Mobile@Work displays the following:

Figure 4. Numeric passcode requirement

Mobile@Work presents a QWERTY keyboard when you tap Create more complex passcode.

Figure 5. Alpha numeric passcode requirement

The device user uses this screen to create a secure apps passcode that is more complex than required by the AppConnect global policy.

The device user has the option to create a more complex passcode when:

  • Creating the secure apps passcode for the first time.

  • Changing the secure apps passcode.

  • After tapping Forgot Passcode and reentering their user name and password for MobileIron Core.

  • After exceeding the maximum number of failed passcode attempts and reentering their user name and password for MobileIron Core.

The last two options involve self-service secure apps passcode recovery, which is available only if you select Allow iOS users to recover their passcode on the AppConnect global policy.

Logging in with the secure apps passcode

After a period of time in which the device user uses no secure apps, Mobile@Work automatically logs the device user out of secure apps. When the user once again launches a secure app or taps Log In in Mobile@Work, Mobile@Work prompts the user to log in with the secure apps passcode:

The device user does the following:

  1. Enters the secure apps passcode.

  2. Taps Done.

The device user can now continue with the secure app.

Logging out or resetting passcode for secure apps

The device user can log out of secure apps or reset the secure passcode. Logging out is useful, for example, if the user is lending the mobile device to a family member for a few minutes.

The user is automatically logged out after a period of inactivity.

To log out of secure apps or reset the secure apps passcode, in Mobile@Work go to Settings > Secure Apps > Authentication.

Figure 6. Secure apps log out or change passcode

Mobile@Work prompts the device user for the secure apps passcode the next time the user launches a secure app or taps Log In in Mobile@Work.

Resetting the secure apps passcode - administrator initiated

You can change the secure apps passcode requirements on MobileIron Core by modifying the AppConnect global policy. When Mobile@Work checks in with Core, Mobile@Work prompts the device user as follows:

Figure 7. Reset passcode prompt

Tap OK and follow the prompts to reset the passcode.