8.5 Understanding the MobileAccess PIN

Access Manager appliance administrators can require users to set a PIN on their mobile devices as a security measure to prevent unauthorized users from accessing protected resources through the MobileAccess app. Administrators can also specify whether users must re-enter the PIN after a period of inactivity on the device.

On iOS only, Access Manager appliance allows users to use the fingerprint stored in iOS as a PIN. If you do not enable the PIN option, MobileAccess does not use the stored fingerprint. If you enable the PIN for MobileAccess, MobileAccess uses the stored fingerprint instead of the PIN. If a user has not configured the fingerprint reader on the iOS device, MobileAccess defaults to using the PIN instead.

Users must install the MobileAccess app on the mobile device before they can set the PIN. If a PIN is required, the MobileAccess app prompts users to set the PIN the first time they open the app. Otherwise, users can set, change, or remove the PIN anytime by accessing the Settings page from the MobileAccess app.

NOTE: The MobileAccess PIN is unrelated to the built-in device passcode, which is designed to protect other resources on the mobile device.

Even if the administrator does not require users to set a PIN, users can optionally set a PIN on their device. The PIN can be different for each mobile device the user registers. The PIN is not stored anywhere other than the device itself.

Administrators can change the PIN Prompt setting anytime in Administration Console Dashboard. If the administrator specifies that a PIN is required after a mobile device has already been registered, the next time the user launches the MobileAccess app on the mobile device, MobileAccess prompts the user to set a PIN. The app then prompts the user for that PIN each subsequent time the user accesses the app. If the administrator initially requires users to set a PIN and then changes that requirement, users can remove the PIN from their device. However, MobileAccess does not notify users if a PIN is no longer required.

(MobileAccess 2 app) If users have enabled the device passcode, they remain authenticated even if they close the app. Users need to enter only the passcode to access the app. They do not need to specify their credentials at the user portal. However, if they sign out of the app, they must first sign in from the user portal to access the app.

Whether the Access Manager administrator requires users to set a PIN or a user chooses to set a PIN, by default users can enter their PIN incorrectly five times. On the fifth attempt, the application deregisters the mobile device and removes the current PIN. The user must then reregister the device and reset the PIN. For more information, see Deregistering Your Device in the Access Manager 4.5 MobileAccess Quick Start.

NOTE: Administration Console might still display the device as registered even though the account providers are removed from the device.