Skip to main content
Skip table of contents

Local App Authentication profiles (UI)

Configuring the Local App Authentication policy

Use a Local App Authentication profile to set these options with the Local App Authentication policy. (See Policy profiles for general information about managing policy profiles.)

Click Apps, then Android or iOS, then the app you want to secure. The App details screen appears.

Click the settings gear on the Local App Authentication panel. The Policy details page appears, where you can create a new profile or edit an existing profile. 

On the Policy details page, click + Local App Authentication Profile to create a new profile, or click the View/Edit profile icon next to an existing profile to edit it.

On the Local App Authentication profile page, enter the Profile name and description, then select the desired policy options.

Policy optionDescription
Security MethodRequired. Passphrase or PIN.
Minimum passphrase/PIN lengthRequired. The minimum number of characters required for a user passphrase or PIN (as selected in "Security Method"). Longer passphrases and PINs are more secure, but require more effort from the user.

Optional. If selected, the user must enter their local passphrase or PIN whenever switching between apps, or when the secured app is idle for the configured number of minutes.

On Android, there is a 3-second grace period when switching apps before re-authentication is required.

Passphrase character types

(Passphrase only.) Passphrase must contain at least one of each selected character type:

  • Alpha [a-zA-Z]
  • Lowercase alpha [a-z]
  • Uppercase alpha [A-Z]
  • Numeric [0-9]
  • Special (#, &, ~, etc.)
Passphrase/PIN complexity

Optional. If selected, the user must select a complex passphrase or PIN.

Complex passphrases may not contain four or more of each of the following:

  • Same number and/or character, for example: 111111, abbbbc, 8888xyz
  • Numbers and/or characters in sequence (including reverse), for example: 123456, 8765ab, abcde1928
  • Any sequence of numbers (including reverse) with the same interval, such as odd/even numbers, for example: 1357xxx, 8642000, 036999
Passphrase/PIN historyOptional. If selected, the user cannot repeat a previously used passphrase when setting a new one
Maximum age ruleOptional. If selected, the user must change the passphrase at a regular interval. You can set a reminder for the user as well.
Invalid passphrase/PIN handling

Enable/disable lockout and select the number of attempts before locking the user out.

If this feature is enabled, and the user is locked out after the specified number of invalid attempts, then the app allows the user to re-authenticate with their gateway enrollment credentials and set a new local app passcode.

Biometric authentication*If selected, the user can authenticate with fingerprint or Face ID (as available on the device).
Unattended login*

If selected, allow app launched in the background to access information secured by local app authentication. User interactions with the app still require local app authentication.

For example, an app may not require the main UI to be available for certain tasks, such as an email client fetching emails and sending notifications for new email. This option allows the app's background processing to perform without having to ask the user to enter local app authentication credentials. Once the user is ready to interact with the app, the app prompts for local app authentication as usual.

  • iOS: If unattended login is enabled, background tasks do not run (the user does not receive notifications) until the user has started the app manually.
  • Android: If unattended login is enabled, background tasks including notifications work even before the user launches the app and authenticates.

* Biometric authentication and unattended login are convenience features. Enabling them can weaken the app security.

Applying the Local App Authentication policy

Click Apps, then Android or iOS, then the app you want to secure. The App details screen appears.

Under Policies to apply, click the triangle to expand the Local App Authentication panel

Select "Enable Local App Authentication policy."

Choose the Local App Authentication profile from the menu.

Click Apply policies.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.