Skip Navigation
  1. BlackBerry Docs
  2. BlackBerry UEM 12.17
  3. Administration
  4. Managing device features
  5. Managing devices with IT policies
  6. Setting device password requirements
  7. Setting Android password requirements
  8. Android: Knox Premium - Workspace password rules

Android
:
Knox
 Premium - Workspace password rules

The
Knox
 Premium - Workspace password rules set the work space password requirements for devices with the following activation types:
  • Work and personal - user privacy
     (
    Samsung Knox
    )
  • Work and personal - full control
     (
    Samsung Knox
    )
  • Work space only
     (
    Samsung Knox
    )
Devices with these activation types must have a work space password.
If you are activating devices with
Android Enterprise
 activation types to use
Knox Platform for Enterprise
, use the
Android
 Work profile password rules. The
Samsung Knox
 activation types and
Knox
 Premium IT policy rules will be deprecated in a future release. For more information, visit https://support.blackberry.com/community to read article 54614.
Rule
Description
Password requirements
Specify the minimum requirements for the password. You can choose one of the following options:
  • Numeric - the password must include at least one number
  • Numeric Complex - the password must include at least one number, with no repeating (4444) or ordered (1234, 4321, 2468) sequences
  • Alphabetic - the password must include at least one letter
  • Alphanumeric - the password must include at least one letter and one number
  • Complex - allows you to set specific requirements for different character types
Minimum lowercase letters required in password
Specify the minimum number of lowercase letters that a complex password must contain.
Minimum uppercase letters required in password
Specify the minimum number of uppercase letters that a complex password must contain.
Minimum complex characters required in password
Specify the minimum number of complex characters (for example, numbers or symbols) that a complex password must contain. At least three complex characters are required, including at least one number and one symbol.
Maximum character sequence length
Specify the maximum length of an alphabetic sequence that is allowed in an alphabetic, alphanumeric, or complex password. For example, if the alphabetic sequence length is set to 5, the alphabetic sequence "abcde" is allowed but the sequence "abcdef" is not allowed. If set to 0, there are no alphabetic sequence restrictions.
Minimum password length
Specify the minimum length of the password. If you enter a value that is less than the minimum required by
Knox Workspace
, the
Knox Workspace
 minimum is used.
Maximum inactivity time lock
Specify the maximum period of user inactivity in the work space before the work space locks. If set to 0, the work space doesn’t have an inactivity timeout.
Maximum failed password attempts
Specify the number of times that a user can enter an incorrect password before the work space is wiped. If set to 0, there are no restrictions on the number of times a user can enter an incorrect password.
Password history restriction
Specify the maximum number of previous passwords that a device checks to prevent a user from reusing a recent password. If set to 0, the device does not check previous passwords.
Password expiration timeout
Specify the maximum number of days that the password can be used. After the specified number of days elapses, the password expires and a user must set a new password. If set to 0, the password does not expire.
Minimum number of changed characters for new passwords
Specify the minimum number of changed characters that a new password must include compared to the previous password. If set to 0, no restrictions are applied.
Allow keyguard customizations
Specify whether a device can use keyguard customizations, such as trust agents. If this rule is not selected, keyguard customizations are turned off.
Allow keyguard trust agents
Specify whether a user can keep the work space unlocked for 2 hours after the maximum inactivity timeout value. If you do not set an inactivity timeout value, the user can perform this action by default.
Allow password visibility
Specify whether the device password can be visible when the user is typing it. If this rule is not selected, users and third-party apps cannot change the visibility setting.
Enforce two-factor authentication
Specify whether a user must use two-factor authentication to access the work space. For example, you can use this rule if you want the user to authenticate using a fingerprint and a password.
Allow fingerprint authentication
Specify whether the user can use fingerprint authentication to access the work space.
For more information about the IT policy password rules, download the Policy Reference Spreadsheet.