Authentication (iOS)

An Authentication configuration enables you to set minimum requirements for password-based user authentication on a device.

Note: On iOS devices enrolled with user enrollment add devices rules, you are limited in the extent to which you can apply password complexity policies. These devices will ignore the following policies (and the profile configuration will not be installed):
  • Mandatory password/PIN length shorter or longer than 6 characters
  • Allow repeating, ascending, and descending values in password
  • Enforce Complex Passwords by Including the Following
  • Minimal Number of Non-Alphanumeric Characters Allowed
  • Password Expiry
  • Number of Unique Passwords Before Reuse
  • Maximum Number of Failed Password Attempts Before Device Wipe

Complexity Requirements

Repeating, Ascending, and Descending Values in Password Allows the user to create a password that contains repeating, ascending, and descending values, such as 1234, or 1111.
Minimum Password/PIN Length Select the minimum number of characters a password must have.
Enforce Complex Passwords by Including the Following Select this option to set the level of password complexity you want to enforce.

History

Enable Password Expiry Select this option to enable password expiry.
Password Expiry In (Days) Enter the number of days before a password expires.
Number of Unique Passwords Before Reuse Enter the number of unique passwords before a previous password can be reused.

Enforcement

On the Enforcement tab you set conditions for locking or wiping the device.

Maximum Duration of Inactivity Before Screen Lock The number of minutes of inactivity on the device before the screen becomes locked, forcing the user to re-enter their password to gain access.

A value of zero indicates that there is no limit.

Maximum Duration of Screen Lock Before Passcode is Required The length of time a device is locked before requiring the user to reenter their password.
Maximum Number of Failed Password Attempts Before Device Wipe The number of incorrect attempts to unlock the device that is allowed before the device automatically resets and all data is deleted.

A value of zero indicates that there is no limit.