BlueFletch Enterprise
  • BlueFletch Enterprise
  • Product Guides
    • BlueFletch Launcher
      • Configurable Layouts
        • Layouts
        • Orientation Options
        • Criteria
        • Widgets
        • Implied Groups
        • Kiosk Mode
        • Persistent Foreground App
        • Password Protected Applications
        • Quick Start Applications Folder
        • Layout Custom Actions
        • Replacement Values
        • Assets Manager
      • Theming
        • Configure Theme
        • Site-Specific Theming
        • Custom Field Display
      • Site Information Service
      • Custom Intents
        • Standard Android Intents
        • Platform Actions
        • Filtering
        • Technical Guide
      • Security and Safety
        • Clear App Data on Logout
        • Application Enabler
        • Disable Packages
        • Key Management
        • NFC Enable/Disable
        • Secure Notifications
        • Wi-Fi UI Settings Enable/Disable
        • Motion Activated Device Lock
        • Unique Login
        • Local Admin Password
        • Device Remote Lock
      • Device Loss Prevention
        • Low Battery Mode
        • Luggage Tag Mode
        • Secure Device Mode
      • Launcher Provider SDK
      • Load Configurations via QR Code Scan
      • Getting Started
      • Technical Guide
      • Release Notes
    • Authentication and SSO
      • Features
        • Secondary Authentication
          • PIN
          • Face Recognition
          • NFC Tag
          • Barcode
          • Alternate Secondary Authentication
      • Technical Guide
        • LDAP
        • AppAuth/OIDC
        • Okta (Session)
        • MSAL
        • ADFS 3.0/2012 Using ADAL
      • Release Notes
    • Support Application
      • Features
        • Events to Splunk
        • Logs to Azure
        • External Configuration Support
        • Application Usage History
        • Generating RxLogger Log Files
      • Technical Guide
        • Event Information
        • Event Examples
      • Support Installer
      • Getting Started
      • Release Notes
    • Device Finder
      • Features
        • Device Details
        • Device Status
        • View Site Devices
      • Technical Guide
      • Getting Started
      • Release Notes
    • Browser
      • Features
        • Custom Scripts
        • FIDO2 / Webauthn Support
        • URL AllowList and BlockList
      • Technical Guide
        • Configuring Browser
        • All Configuration
        • Available Intents
        • APIs and Page Actions
      • Release Notes
    • Chat
      • Features
      • Technical Guide
      • Getting Started
      • Release Notes
    • Playbook Agent
      • Features
      • Getting Started
      • Release Notes
    • Portal
      • Login & Logout
      • Navigation & Account Settings
      • Support Agent
        • Home
        • Device Details
        • Dashboards
        • Cards
        • Event Explorer
        • Reports
      • Enterprise Launcher
        • Creating a Configuration
        • Sending a Notification
        • Managing Sites
      • Playbook MDM
        • Playbooks
        • Plays
        • Devices
        • Deployment Groups
        • Zebra StageNow
      • EMM Console
        • Overview
        • Setup
          • Enroll Org in EMM
          • Policy Management
          • Provisioning
          • Device Management
          • Installing Playbook in EMM
        • Troubleshooting
          • Device Issues
          • Policy Issues
      • Chat Manager
        • Overview
        • Chat Roles
        • Chat Channels
        • Chat Audio Transcription
        • Message Logs
      • Admin
        • Organization
        • Single Sign On
          • Azure Setup
          • Okta Setup
          • Google Workspace Setup
          • Portal Setup
        • Users
        • Roles
          • Overview
          • Predefined Roles
          • Permissions
          • Manage Roles
        • Downloads
        • Agents
        • Key Management
          • Overview
          • API Keys
          • Device Keys
          • Device Restrictions
          • Allowed IP Addresses
        • Enterprise
        • Audit Logs
      • Event Forwarding
      • Remote Control
      • Getting Started
      • Release Notes
    • Other Applications
      • Messaging
        • Features
        • Technical Guide
        • Release Notes
      • Keyboard
        • Features
        • Technical Guide
          • How to: Set Keyboard as default
        • Release Notes
      • Bluetooth
        • Features
        • Release Notes
      • Voice Chat
        • Features
        • Release Notes
      • Device Remote Control
        • Features
        • Technical Guide
        • Release Notes
      • Device ID
        • Features
        • Technical Guide
        • Release Notes
      • Suite Installer
        • Technical Guide
        • Release Notes
      • Accessibility Enabler
        • Release Notes
      • EPM Plugin
        • Features
        • Technical Guide
        • Release Notes
    • Workforce Identity
  • Technical Documentation
    • Updating License Key
    • Commonly Reported Issues
    • Deploying BlueFletch Enterprise
      • Android 10 and 11
      • MDMs
        • Workspace One (VMWare AirWatch)
        • SOTI
        • Microsoft Intune
          • Microsoft Intune + Playbook
      • From Portal to Playbook Agent
Powered by GitBook
On this page
  1. Product Guides
  2. Authentication and SSO
  3. Features
  4. Secondary Authentication

PIN

PreviousSecondary AuthenticationNextFace Recognition

Last updated 9 months ago

If a PIN has been configured to be the form of secondary authentication, a user logging into a device through the BlueFletch Authentication module will be prompted immediately after successfully entering their username and password to create a PIN. The PIN must be entered the same twice to confirm the sequence, and then the user will be allowed to access the logged-in state and their role-based applications.

If the user puts the device screen to sleep without logging out, upon waking the screen, the Authentication module will prompt the user to enter their PIN to access their authenticated apps again. If the user makes too many bad attempts to enter the PIN, the Authentication module will require the user to re-enter their password to access the logged-in state.

Optionally, one application can be configured to be accessible from the lock screen. This is essential when there is a need for users to quickly access some functionality, such as the Android phone app, without entering the PIN first. See the Quick Start package configuration notes below.

Configuration

Settings for specific PIN requirements:

Field
Data Type
Description

useSecondaryAuth

string

(See description above.) Assign the value "pin".

secondaryAuthPinLength

integer

Set the minimum number of digits required for PIN. Minimum value is 4, default is 6 if not specified. Available in Auth 3.1.x.

pinMaxLength

integer

Number of required digits for the PIN. Minimum of 4, maximum of 10, defaults to 6 if not specified. This setting supercedes secondaryAuthPinLength, available from Auth 3.6.x and above.

pinEnforceConsecutiveRule

boolean

If true, will not allow more than 3 consecutive similar digits (e.g. 1111 will not be allowed, but 1112 is allowed). Default is set to true. Available from Auth 3.6.x and above.

pinEnforceSequentialRule

boolean

If true, will not allow more than 3 sequential digits up or down (e.g. 1234 is not allowed but 1235 is allowed). Default is set to true. Available from Auth 3.6.x and above.

pinEnforceBlackList

string

Comma-delimited list of PIN codes that cannot be used by the user (e.g. if 1112 is specified, even if it passes the consecutive rule, it will be disallowed by blacklist). Available from Auth 3.6.x and above.

pinMaxRetryCount

integer

During verification, max number of incorrect attempts allowed, after which the currently logged in user is forcibly logged out. Available from Auth 3.6.x and above.

pinAutoSubmit

boolean

If set to false, will require the user to tap on the Enter key after entering their PIN. If set to true, the PIN will be submitted after last entry (based on pinMaxLength). Default is true. Available from Auth 3.6.x and above.

Settings for an optional Quick Start package:

Field
Data Type
Description

secondaryAuthQuickStartPackage

string

Allow one package to be opened from the PIN unlock screen. After a PIN has been setup during a login session, when a user opens the device they will see this app's icon in the lower right corner and can choose to access the package's main activity without unlocking the device. e.g. If the value is "com.android.dialer", the user will see the Android phone icon and can launch the activity com.android.dialer.app.DialtactsActivity.

secondaryAuthQuickStartIcon

string

Overrides the default application icon used used to launch secondaryAuthQuickStartPackage with an image defined by file location on the device. e.g. "/sdcard/DCIM/icons/bluefletch_logo.png".

The following key-value pairs can be set within the object of the Launcher configuration JSON file.

settings