Define SAML SCP Client Password Policy

Define the client password policy that is used to unlock the DataVault for the applications. Application developers must add code to the DataVault to enforce the client password policy. An administrator must enter the application password policy to unlock the DataVault during application initialization.

The client password policy applies only to the application password that unlocks the DataVault during application initialization; it affects neither SAP Cloud Platform mobile service for development and operations security profiles nor the back-end security systems with which it integrates. Password policies for back-end security systems are administered by your information technology departments using native security administration tools.

To define the password policy:

  1. In the Mobile Service for Development and Operations cockpit, select Mobile Applications > Native/Hybrid.
  2. Select an application, and then select Client Policies under Assigned Features.
    Figure 1. Application Details
  3. Under Passcode Policy, select the Enable Passcode Policy checkbox and enter these details.
    Figure 2. Client Policies
    The following table describes the fields.
    | Property | Default | Description |
    |---|---|---|
    | Expiration Time Frame Days | 0 | The number of days a password remains valid. The default value, 0, means the password never expires. |
    | Minimum Length | 8 | The minimum password length. |
    | Retry Limit | 10 | The number of retries allowed when entering an incorrect password. After this number of retries, the client is locked out, the DataVault and all its contents are permanently deleted, the application is unusable, and encrypted application data is inaccessible. |
    | Minimum Number of Unique Characters | 0 | The minimum number of unique characters required in the password. |
    | Lock Timeout | 300 | The number of seconds the DataVault remains unlocked within an application, before the user re-enters his or her password to continue using the application (like the screen-saver feature). |
    | Default Passcode Allowed | Disabled | If enabled, a default password is generated by the DataVault. This disables the password. |
    | Finger Print Allowed | Enabled | If enabled, it allows the use of native biometric techniques to unlock the app. |
    | Upper Case Character Required | Disabled | If enabled, the password must include uppercase letters. |
    | Lower Case Character Required | Disabled | If enabled, the password must include lowercase letters. |
    | Special Character Required | Disabled | If enabled, the password must include special characters. |
    | Digits Required | Disabled | If enabled, the password must include digits. |
  4. Click Save.
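
The policy fields from the table above, expressed as the kind of client-side check application code would run before accepting a new passcode. This is an added example, not SAP SDK code: the field and function names are hypothetical, and the definition of "special" characters, the handling of a missing passcode, and the exact retry boundary are assumptions.

```javascript
// Added example. Field names are hypothetical; defaults come from the table above.
const DEFAULT_POLICY = {
  expirationDays: 0,           // 0 = passcode never expires
  minLength: 8,
  retryLimit: 10,
  minUniqueChars: 0,
  lockTimeoutSeconds: 300,
  defaultPasscodeAllowed: false,
  fingerprintAllowed: true,
  upperRequired: false,
  lowerRequired: false,
  specialRequired: false,
  digitsRequired: false,
};

// Returns the names of the rules a candidate passcode violates ([] = compliant).
function checkPasscode(passcode, policy = DEFAULT_POLICY) {
  // Assumption: "no passcode" is only acceptable when a default passcode is allowed.
  if (passcode == null) return policy.defaultPasscodeAllowed ? [] : ["passcodeRequired"];
  const chars = Array.from(passcode); // count code points, not UTF-16 units
  const rules = [
    ["minLength", chars.length >= policy.minLength],
    ["minUniqueChars", new Set(chars).size >= policy.minUniqueChars],
    ["upperRequired", !policy.upperRequired || /\p{Lu}/u.test(passcode)],
    ["lowerRequired", !policy.lowerRequired || /\p{Ll}/u.test(passcode)],
    ["digitsRequired", !policy.digitsRequired || /\p{Nd}/u.test(passcode)],
    // Assumption: "special" = anything that is not a letter, digit or whitespace.
    ["specialRequired", !policy.specialRequired || /[^\p{L}\p{Nd}\s]/u.test(passcode)],
  ];
  return rules.filter(([, ok]) => !ok).map(([name]) => name);
}

// Expiration Time Frame Days: 0 disables expiry; otherwise compare passcode age in days.
function isExpired(setAtMs, nowMs, policy = DEFAULT_POLICY) {
  if (policy.expirationDays === 0) return false;
  return nowMs - setAtMs >= policy.expirationDays * 24 * 60 * 60 * 1000;
}

// Retry Limit: assumption that the retryLimit-th consecutive failure triggers deletion.
function vaultStateAfterFailures(failedAttempts, policy = DEFAULT_POLICY) {
  return failedAttempts >= policy.retryLimit ? "deleted" : "locked";
}
```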