PIN
Last updated
Last updated
If a PIN has been configured to be the form of secondary authentication, a user logging into a device through the BlueFletch Authentication module will be prompted immediately after successfully entering their username and password to create a PIN. The PIN must be entered the same twice to confirm the sequence, and then the user will be allowed to access the logged-in state and their role-based applications.
If the user puts the device screen to sleep without logging out, upon waking the screen, the Authentication module will prompt the user to enter their PIN to access their authenticated apps again. If the user makes too many bad attempts to enter the PIN, the Authentication module will require the user to re-enter their password to access the logged-in state.
Optionally, one application can be configured to be accessible from the lock screen. This is essential when there is a need for users to quickly access some functionality, such as the Android phone app, without entering the PIN first. See the Quick Start package configuration notes below.
The following key-value pairs can be set within the settings
object of the Launcher configuration JSON file.
Settings for specific PIN requirements:
useSecondaryAuth
string
(See description above.) Assign the value "pin"
.
secondaryAuthPinLength
integer
Set the minimum number of digits required for PIN. Minimum value is 4, default is 6 if not specified. Available in Auth 3.1.x.
pinMaxLength
integer
Number of required digits for the PIN. Minimum of 4, maximum of 10, defaults to 6 if not specified. This setting supercedes secondaryAuthPinLength
, available from Auth 3.6.x and above.
pinEnforceConsecutiveRule
boolean
If true
, will not allow more than 3 consecutive similar digits (e.g. 1111 will not be allowed, but 1112 is allowed). Default is set to true
. Available from Auth 3.6.x and above.
pinEnforceSequentialRule
boolean
If true
, will not allow more than 3 sequential digits up or down (e.g. 1234 is not allowed but 1235 is allowed). Default is set to true
. Available from Auth 3.6.x and above.
pinEnforceBlackList
string
Comma-delimited list of PIN codes that cannot be used by the user (e.g. if 1112 is specified, even if it passes the consecutive rule, it will be disallowed by blacklist). Available from Auth 3.6.x and above.
pinMaxRetryCount
integer
During verification, max number of incorrect attempts allowed, after which the currently logged in user is forcibly logged out. Available from Auth 3.6.x and above.
pinAutoSubmit
boolean
If set to false
, will require the user to tap on the Enter key after entering their PIN. If set to true
, the PIN will be submitted after last entry (based on pinMaxLength
). Default is true
. Available from Auth 3.6.x and above.
Settings for an optional Quick Start package:
secondaryAuthQuickStartPackage
string
Allow one package to be opened from the PIN unlock screen. After a PIN has been setup during a login session, when a user opens the device they will see this app's icon in the lower right corner and can choose to access the package's main activity without unlocking the device.
e.g. If the value is "com.android.dialer"
, the user will see the Android phone icon and can launch the activity com.android.dialer.app.DialtactsActivity
.
secondaryAuthQuickStartIcon
string
Overrides the default application icon used used to launch secondaryAuthQuickStartPackage
with an image defined by file location on the device.
e.g. "/sdcard/DCIM/icons/bluefletch_logo.png"
.