Defining Client Password Policy

(Applies only to native and hybrid) Define the client password policy used to unlock the DataVault, for the selected application. The application developer must have added enforcement code to the application DataVault to enforce the policy. The administrator enters the application password policy used to unlock the DataVault during application initialization. Note that this policy does not apply to Agentry or Mobiliser clients, which do not use DataVault.

The client password policy applies only to the application password used to unlock the DataVault during application initialization, and has nothing to do with SAP Mobile Platform security profiles, or the back-end security systems with which they integrate. Password policies for back-end security systems are administered by customer information technology departments using their native security administration tools.

  1. From Management Cockpit, select Applications > Client Password Policy.
  2. Click Enable Password Policy to display additional fields.
  3. Enter values:
    Property Default Description
    Expiration Days 0 The number of days a password is valid before it expires.
    Minimum Length 8 The minimum password length required.
    Retry Limit 20 The number of retries allowed when entering an incorrect password. After this number of retries, the client is locked out, and the DataVault and all its contents is permanently deleted, rendering the application permanently unusable and all encrypted application data un-accessible permanently.
    Minimum Unique Characters 0 The minimum number of unique characters required in the password.
    Lock Timeout 0 The length of time in seconds the DataVault may remain unlocked within the application, before the user must re-enter their default password to continue using the application (similar to a screen-saver feature).

    Password Properties:

    		 See below Required password policies.

    Default Password Allowed

    		 Disabled Indicates whether a default password can be generated by the DataVault; from the user's point of view this policy turns off the password.
    Has Digits Disabled Indicates whether the password must include digits.
    Has Lower Disabled Indicates whether the password must include lower case letters.
    Has Upper Disabled Indicates whether the password must include upper case letters.
    Has Special Disabled Indicates whether the password can include special characters.
Parent topic: Deploying Applications
Previous topic: Defining Application Authentication
Next topic: Defining Push Notifications
Related concepts
Securing Sensitive Data On-Device with DataVault
Device Data Security
Client Password Policy for Data Vault Logins