- 31 Jul 2024
- 4 Minutes to read
- Print
- PDF
Advanced Password Management
- Updated on 31 Jul 2024
- 4 Minutes to read
- Print
- PDF
With Advanced Password Management, IT Admins can now configure and enforce device passwords directly from the Scalefusion dashboard. This eliminates the need for users to manually set passwords on their devices. Additionally, it proves beneficial in situations where users have forgotten their passwords, as admins can easily reset the password using a Master Reset Pin. This feature ensures robust security and simplifies password management across all managed devices.
Prerequisites
Devices should be EMM-managed devices.
Latest Scalefusion Agent should be installed on the devices.
Configuring the Advanced Password Settings
Navigate to Device Profiles & Policies > Device Profile.
Select the Device Profile where you would like to configure the Advanced Password settings.
Click on the Edit button for that profile.
Go to Passcode Settings > Advanced Password Management. Here you will see the following settings:
Allow User to Reset Passwords: Enable this option to allow the users to reset passwords from the device using the Master Reset pin in case they have forgotten the password.
Configure Wrong Password Attempts: You can set a value to number of times a user can enter the wrong password before they see the pop-up to reset the password. You can set it from 3 to 9 times.
Configure Password: Toggle on this button to create a password. You can:
Create a Static Password: Use this option to create a static password manually for all the devices where the profile is applied.
In case you have also configured a Password Policy, then this password will follow that policy. For example, if the Password Policy is Numeric with min length as 4, then you will need to create a numeric Static password with a min length of 4 also.
Auto-Generate Dynamic Password: If you would like to have different passwords on different devices, you can use this option to dynamically generate unique password for each device.
You can also set the dynamic password to Auto rotate at a set interval of time. This interval could be 15, 30, 60 or 90 days.
Note:
If you have selected to dynamically auto-generate the password for each device, then you will have to share the unique passwords with each user manually.
Once you have configured the advanced settings click on Update Profile button. This configuration will be applied to all the devices where this Device Profile is applied.
On the dashboard
You will be able to see the Static password as well the Dynamic password for each device, in the View Details for each device. Here you will also find the Master Reset Pin which you can use for resetting a password for a user(s) who might have forgotten the device password.
Navigate to Devices section on the dashboard.
Click on device name for the concerned device.
In the device information card, you will see a new field called Password Status.
Click on View Details to see the password details.
Scalefusion Password: This tab will show the Profile exit passcode along with the Device level exit passcode, if set.
Device Password: In this tab you will find the Master Reset Pin, Last Applied Password (from the Profile) and Last Sync’ed Password (from the device side).
Password Compliance: This shows as Yes, if the device has acknowledged the password set by the Admin and the Last Sync’ed password matches. In case if Last Applied Password and Last Sync’ed Password do not match, then it shows as No.
Resetting password on the device using Master Reset pin
If a user has forgotten their device password, ask them to try the incorrect passwords to show the reset pop-up. For example, if the “Wrong Password Attempts” is set to “3 times”, then after entering incorrect password 3 times, the user will see a pop-up as shown below on the device.
Ask them to tap on Yes.
Please note:
Your This above window is shown automatically when the wrong password is entered, however, on some devices it does not appear automatically, and user might have to tap on Back button to make it appear. This happens randomlly.
In this screen, you will need to provide the Master Reset Pin which the user will enter to unlock the lock screen.
Note:
The Master Reset Pin changes automatically once it has been used, so that user cannot use the same Master Reset pin to reset the password again. They will need contact their IT Admins for the same.
The user might see the screen to enter the pin again immediately after they enter the Master Reset Pin, it’s ok, simply ask them to switch off the display and switch it back on, this will unlock the lock screen.
Once done you can then share the Last Sync’ed Password with the user for the said device so that they can continue using the same password as it was configured in the Profile.
Note:
The above steps will also work even if the device has lost internet connectivity.
Note:
The above steps will also work in case there is no Password configured in the Profile, however, a Password policy is applied on the device and user has manually set the password as per the policy.
Once the lock screen is unlocked, user will again see a message to set a device password and they can then set a new password on the device.
Note:
If you delete a device from the dashboard, then the admin will not know the auto-generated password on the device. However, if there was a Delete device Workflow applied on the device(s) then the password is sent in an email to main admin’s email id.