PIN | BlueFletch Enterprise

If a PIN has been configured to be the form of secondary authentication, a user logging into a device through the BlueFletch Authentication module will be prompted immediately after successfully entering their username and password to create a PIN. The PIN must be entered the same twice to confirm the sequence, and then the user will be allowed to access the logged-in state and their role-based applications.

If the user puts the device screen to sleep without logging out, upon waking the screen, the Authentication module will prompt the user to enter their PIN to access their authenticated apps again. If the user makes too many bad attempts to enter the PIN, the Authentication module will require the user to re-enter their password to access the logged-in state.

Optionally, one application can be configured to be accessible from the lock screen. This is essential when there is a need for users to quickly access some functionality, such as the Android phone app, without entering the PIN first. See the Quick Start package configuration notes below.

Configuration

The following key-value pairs can be set within the settings object of the Launcher configuration JSON file.

Settings for specific PIN requirements:

Field Data Type Description

Field	Data Type	Description
useSecondaryAuth	string	(See description above.) Assign the value `"pin"`.
secondaryAuthPinLength	integer	Set the minimum number of digits required for PIN. Minimum value is 4, default is 6 if not specified. Available in Auth 3.1.x.
pinMaxLength	integer	Number of required digits for the PIN. Minimum of 4, maximum of 10, defaults to 6 if not specified. This setting supercedes `secondaryAuthPinLength`, available from Auth 3.6.x and above.
pinEnforceConsecutiveRule	boolean	If `true`, will not allow more than 3 consecutive similar digits (e.g. 1111 will not be allowed, but 1112 is allowed). Default is set to `true`. Available from Auth 3.6.x and above.
pinEnforceSequentialRule	boolean	If `true`, will not allow more than 3 sequential digits up or down (e.g. 1234 is not allowed but 1235 is allowed). Default is set to `true`. Available from Auth 3.6.x and above.
pinEnforceBlackList	string	Comma-delimited list of PIN codes that cannot be used by the user (e.g. if 1112 is specified, even if it passes the consecutive rule, it will be disallowed by blacklist). Available from Auth 3.6.x and above.
pinMaxRetryCount	integer	During verification, max number of incorrect attempts allowed, after which the currently logged in user is forcibly logged out. Available from Auth 3.6.x and above.
pinAutoSubmit	boolean	If set to `false`, will require the user to tap on the Enter key after entering their PIN. If set to `true`, the PIN will be submitted after last entry (based on `pinMaxLength`). Default is `true`. Available from Auth 3.6.x and above.

useSecondaryAuth

string

(See description above.) Assign the value "pin".

secondaryAuthPinLength

integer

Set the minimum number of digits required for PIN. Minimum value is 4, default is 6 if not specified. Available in Auth 3.1.x.

pinMaxLength

integer

Number of required digits for the PIN. Minimum of 4, maximum of 10, defaults to 6 if not specified. This setting supercedes secondaryAuthPinLength, available from Auth 3.6.x and above.

pinEnforceConsecutiveRule

boolean

If true, will not allow more than 3 consecutive similar digits (e.g. 1111 will not be allowed, but 1112 is allowed). Default is set to true. Available from Auth 3.6.x and above.

pinEnforceSequentialRule

boolean

If true, will not allow more than 3 sequential digits up or down (e.g. 1234 is not allowed but 1235 is allowed). Default is set to true. Available from Auth 3.6.x and above.

pinEnforceBlackList

string

Comma-delimited list of PIN codes that cannot be used by the user (e.g. if 1112 is specified, even if it passes the consecutive rule, it will be disallowed by blacklist). Available from Auth 3.6.x and above.

pinMaxRetryCount

integer

During verification, max number of incorrect attempts allowed, after which the currently logged in user is forcibly logged out. Available from Auth 3.6.x and above.

pinAutoSubmit

boolean

If set to false, will require the user to tap on the Enter key after entering their PIN. If set to true, the PIN will be submitted after last entry (based on pinMaxLength). Default is true. Available from Auth 3.6.x and above.

Settings for an optional Quick Start package:

Field Data Type Description

Field	Data Type	Description
secondaryAuthQuickStartPackage	string	Allow one package to be opened from the PIN unlock screen. After a PIN has been setup during a login session, when a user opens the device they will see this app's icon in the lower right corner and can choose to access the package's main activity without unlocking the device. e.g. If the value is `"com.android.dialer"`, the user will see the Android phone icon and can launch the activity `com.android.dialer.app.DialtactsActivity`.
secondaryAuthQuickStartIcon	string	Overrides the default application icon used used to launch `secondaryAuthQuickStartPackage` with an image defined by file location on the device. e.g. `"/sdcard/DCIM/icons/bluefletch_logo.png"`.

secondaryAuthQuickStartPackage

string

Allow one package to be opened from the PIN unlock screen. After a PIN has been setup during a login session, when a user opens the device they will see this app's icon in the lower right corner and can choose to access the package's main activity without unlocking the device. e.g. If the value is "com.android.dialer", the user will see the Android phone icon and can launch the activity com.android.dialer.app.DialtactsActivity.

secondaryAuthQuickStartIcon

string

Overrides the default application icon used used to launch secondaryAuthQuickStartPackage with an image defined by file location on the device. e.g. "/sdcard/DCIM/icons/bluefletch_logo.png".

PreviousSecondary Authentication NextFace Recognition

Last updated 8 months ago