PIN policies
One way to log in to an application is to use a PIN that is associated with a single application installation. To use that application on multiple devices, the user must set up a PIN on every device. They can use the same PIN on every device. The PIN encrypts sensitive data that is stored locally on the device. The PIN is not communicated to the server.
To ensure that users choose a strong PIN that provides a secure login, server-side configuration can instruct the application about the PIN policy. The PIN length depends on the application implementation. For example, the Mobile SDK requires a minimum length of five digits.
Configure a PIN policy
You can configure a different PIN policy for each application. To configure a PIN policy in the administration console, go to Configuration > App configuration and select PIN policies.
A PIN policy is identified by its name, so it's important to choose a name that makes sense.
Set the PIN length field to a value between five and 32. Five is the industry standard.
The Maximum similar digits field indicates how many times the same digit is allowed to be repeated. For example, when the value is set to 2, a PIN that contains 11 is accepted but 111 is not. The maximum similar digits cannot exceed the PIN length.
The Sequences allowed option indicates whether a sequence is allowed. A sequence is a logical relation between digits. Examples of sequences include 12345, 13579, or 97531.
The Default PIN policy check box indicates whether this PIN policy is the default. When no PIN policy is selected for an application, the default PIN policy applies.
Block specific PINs
Some PINs might be commonly used even though they do not contain a sequence or too many similar digits. Examples of such PINs are 90210 or 00700. You can explicitly block those PINs.
To block specific PINs, add them to the PIN policy block list.
When you change the PIN length, all the existing blocked PINs are removed, because their length doesn't match the new PIN length.
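The policy fields described above (PIN length, maximum similar digits, sequences allowed, block list) implemented as a client-side validator. This is an added example, not code from the product's SDK or administration console; it assumes the similar-digits limit counts consecutive repeats and that a sequence is a constant-step progression such as 12345 or 97531.

```python
from dataclasses import dataclass, field


@dataclass
class PinPolicy:
    """Mirror of the server-side PIN policy fields (added example, not SDK code)."""
    name: str
    pin_length: int = 5          # allowed range 5..32; 5 is the industry standard
    max_similar_digits: int = 2  # "11" accepted, "111" rejected
    sequences_allowed: bool = False
    blocked_pins: set = field(default_factory=set)

    def __post_init__(self):
        if not 5 <= self.pin_length <= 32:
            raise ValueError("PIN length must be between 5 and 32")
        if self.max_similar_digits > self.pin_length:
            raise ValueError("maximum similar digits cannot exceed the PIN length")

    def set_pin_length(self, new_length):
        # Changing the length clears the block list, as the console does,
        # because the existing blocked PINs no longer match the new length.
        self.pin_length = new_length
        self.blocked_pins.clear()
        self.__post_init__()


def longest_run(pin):
    """Longest run of one repeated digit (assumed reading of 'similar digits')."""
    best = run = 1
    for prev, cur in zip(pin, pin[1:]):
        run = run + 1 if cur == prev else 1
        best = max(best, run)
    return best


def is_sequence(pin):
    """True when every step between neighbouring digits is the same non-zero value."""
    steps = {int(b) - int(a) for a, b in zip(pin, pin[1:])}
    return len(steps) == 1 and 0 not in steps


def validate_pin(pin, policy):
    """Return the policy violations for a candidate PIN; an empty list means accepted."""
    if not (pin.isdigit() and len(pin) == policy.pin_length):
        return [f"PIN must be exactly {policy.pin_length} digits"]
    problems = []
    if longest_run(pin) > policy.max_similar_digits:
        problems.append(f"more than {policy.max_similar_digits} similar digits in a row")
    if not policy.sequences_allowed and is_sequence(pin):
        problems.append("PIN is a sequence")
    if pin in policy.blocked_pins:
        problems.append("PIN is on the block list")
    return problems
```

Because the PIN never leaves the device, this check is the only enforcement point for the policy, so the application must apply it before accepting a PIN.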