Device Policies
In the Admin Portal Access > Policies > Devices tab, you can register devices and configure parameters for those devices. When devices are registered, you can manage them from the Admin Portal.
To access and enable the Device options:
- Log in to Admin Portal, click Access > Policies, and select the policy set.
- Click Devices and you will see the following options:
Devices
| Available Settings | Description |
|---|---|
| Permit device registration | Select Yes to allow users to register devices, No to prevent users from registering devices, or “--” to use the default setting. The default is Yes. |
| Permit non-compliant devices to register | Select Yes to allow users to register non-compliant devices, No to prevent the user from registering non-compliant devices, or "--" (Not configured) to use the default setting. This policy must be set to Yes to bypass the Google services SafetyNet check and allow registration of the device. Notes: This policy is enforced by the registration application running on the device. If the user uses web registration instead of an application, this policy is not enforced. This policy is not supported on OS X and Android devices earlier than version 2.3. |
| Enable invite based registration | Click Yes to enable users to register devices using invite based registration, No to disable the policy, or "--" (equivalent to No) to use the default setting. You must select Yes to allow users to register their devices using the system generated QR code. |
| Allow user notifications on multiple devices | Select Yes to send authentication notifications to multiple registered devices, No to send to the first registered device only (default setting), or "--" to use the default setting. |
| Enable debug logging | There are two logging modes on devices: regular - the default setting - and debug logging. Use this policy to turn on the debug logging mode. Select Yes to enable debug logging, No to set regular logging, or "--" (Not configured) to use the default setting. |
| Report mobile device location | Select Yes to allow devices to report their location, No to stop the device from reporting location, or "--" to use the default setting (Yes). |
| Enforce fingerprint scan for Mobile Authenticator | Select Yes to require that users provide a finger print scan to use mobile authenticator. Using the associated policy option, users can alternatively use the client application PIN for access. The default setting is No. |
| Allow App PIN | Select Yes to allow users to access the mobile authenticator code using finger print or the client application PIN. The default setting is No. |
| Require client application passcode on device | Select Yes to require a passcode to open the client application, No to allow opening the client application without a passcode, or "--" (Not configured) to use the default setting. Important: You must select Yes to enable other client application passcode policies. |
| Auto-Lock (minutes) | Select a value from the "Auto-Lock (minutes)" drop-down list to set the number of minutes of inactivity before the client application is locked. Select "--" (Not configured) to use the default setting. Important: The "Require client application passcode on device" policy must be set to Yes to enforce this policy. |
| Lock on exit | Select Yes to require a passcode to open the client application after the client has been closed, No to allow opening the client application without a passcode, or "--" (Not configured) to use the default setting. Important: The "Require client application passcode on device" policy must be set to Yes to enforce this policy. |
