Android: Knox Premium - Workspace password rules
KnoxPremium - Workspace password rules
KnoxPremium - Workspace password rules set the work space password requirements for devices with the following activation types:
- Work and personal - user privacy(Samsung Knox)
- Work and personal - full control(Samsung Knox)
- Work space only(Samsung Knox)
Devices with these activation types must have a work space password.
If you are activating devices with
Android Enterpriseactivation types to use
Knox Platform for Enterprise, use the
AndroidWork profile password rules. The
Samsung Knoxactivation types and
KnoxPremium IT policy rules will be deprecated in a future release. For more information, visit https://support.blackberry.com/community to read article 54614.
Specify the minimum requirements for the password. You can choose one of the following options:
Minimum lowercase letters required in password
Specify the minimum number of lowercase letters that a complex password must contain.
Minimum uppercase letters required in password
Specify the minimum number of uppercase letters that a complex password must contain.
Minimum complex characters required in password
Specify the minimum number of complex characters (for example, numbers or symbols) that a complex password must contain. At least three complex characters are required, including at least one number and one symbol.
Maximum character sequence length
Specify the maximum length of an alphabetic sequence that is allowed in an alphabetic, alphanumeric, or complex password. For example, if the alphabetic sequence length is set to 5, the alphabetic sequence "abcde" is allowed but the sequence "abcdef" is not allowed. If set to 0, there are no alphabetic sequence restrictions.
Minimum password length
Specify the minimum length of the password. If you enter a value that is less than the minimum required by
Knox Workspace, the
Knox Workspaceminimum is used.
Maximum inactivity time lock
Specify the maximum period of user inactivity in the work space before the work space locks. If set to 0, the work space doesn’t have an inactivity timeout.
Maximum failed password attempts
Specify the number of times that a user can enter an incorrect password before the work space is wiped. If set to 0, there are no restrictions on the number of times a user can enter an incorrect password.
Password history restriction
Specify the maximum number of previous passwords that a device checks to prevent a user from reusing a recent password. If set to 0, the device does not check previous passwords.
Password expiration timeout
Specify the maximum number of days that the password can be used. After the specified number of days elapses, the password expires and a user must set a new password. If set to 0, the password does not expire.
Minimum number of changed characters for new passwords
Specify the minimum number of changed characters that a new password must include compared to the previous password. If set to 0, no restrictions are applied.
Allow keyguard customizations
Specify whether a device can use keyguard customizations, such as trust agents. If this rule is not selected, keyguard customizations are turned off.
Allow keyguard trust agents
Specify whether a user can keep the work space unlocked for 2 hours after the maximum inactivity timeout value. If you do not set an inactivity timeout value, the user can perform this action by default.
Allow password visibility
Specify whether the device password can be visible when the user is typing it. If this rule is not selected, users and third-party apps cannot change the visibility setting.
Enforce two-factor authentication
Specify whether a user must use two-factor authentication to access the work space. For example, you can use this rule if you want the user to authenticate using a fingerprint and a password.
Allow fingerprint authentication
Specify whether the user can use fingerprint authentication to access the work space.
For more information about the IT policy password rules, download the Policy Reference Spreadsheet.