Product Documentation

Client property reference

Jul 30, 2015

The XenMobile predefined client properties and their default settings are as follows.

ENABLE_PASSCODE_AUTH

Display name: Enable Worx PIN Authentication

This key allows you to turn on Worx PIN functionality. With the Worx PIN or passcode, users are prompted to define a PIN to use instead of their Active Directory password. This setting is automatically enabled when ENABLE_PASSWORD_CACHING is enabled or when XenMobile is using certificate authentication.

If users are performing offline authentication, the Worx PIN is validated locally and users are allowed to access the app or content they requested. If users are performing online authentication, the Worx PIN or passcode is used to unlock the Active Directory password or certificate, which is then sent to perform authentication with XenMobile.

Possible values: true or false

Default value: false

ENABLE_PASSWORD_CACHING

Display name: Enable User Password Caching

This key lets you allow users' Active Directory passwords to be cached locally on the mobile device. When you set this key to true, users are prompted to set a Worx PIN or passcode. The ENABLE_PASSCODE_AUTH key must be set to true when you set this key to true.

Possible values: true or false

Default value: false

ENCRYPT_SECRETS_USING_PASSCODE

Display name: Encrypt secrets using Passcode

This key lets sensitive data be stored on the mobile device in a secret vault instead of in a platform-based native store, such as the iOS keychain. This configuration key enables strong encryption of key artefacts, but also adds user entropy (a user-generated random PIN code that only the user knows). 

Citrix recommends you enable this key to help provide higher security on user devices.

Note: Enabling this key affects the user experience in terms of a greater number of authentication prompts for the Worx PIN.

Possible values: true or false

Default value: false

PASSCODE_TYPE

Display name: Worx PIN Type

This key defines whether users are able to define a numerical Worx PIN or an alphanumeric Worx passcode. When you select Numeric, users can only define a numeric Worx PIN. When you select Alphanumeric, users can use a combination of letters and numbers for the Worx passcode.

Note: When you change the setting, users are prompted to set a new Worx PIN or passcode the next time they are prompted to authenticate.

Possible values: Numeric or Alphanumeric

Default value: Numeric

PASSCODE_EXPIRY

Display name: Worx PIN Expiry Requirement

This key defines the time in days for which the Worx PIN or passcode is valid, after which the user is forced to change their Worx PIN or passcode. When you change this setting, the new value is set only when users' current Worx PIN or passcode expires.

Possible values: 1-99

Default value: 90

PASSCODE_HISTORY

Display name: Worx PIN History

This key defines the number of previously used Worx PINs or passcodes that users cannot reuse when changing their Worx PIN or passcode. When you change this setting, the new value is set the next time users reset their Worx PIN or passcode.

Possible values: 1-99

Default value: 5

PASSCODE_MAX_ATTEMPTS

Display name: Worx PIN Maximum Attempts

This key defines how many wrong Worx PIN or passcode attempts users can make before being prompted for full authentication. After users successfully perform a full authentication, they are prompted to create a new Worx PIN or passcode.

Possible values: Any positive integer

Default value: 15

INACTIVITY_TIMER

Display name: Inactivity Timer

This key defines the time in minutes that users can leave their device inactive and then access an app without being prompted for a Worx PIN or passcode. To enable this setting for an MDX app, you must set the App Passcode setting to On. If the App Passcode setting is set to Off, users are redirected to Worx Home to perform a full authentication. When you change this setting, the value takes effect the next time users are prompted to authenticate.

Possible values: Any positive integer

Default value: 15

PASSCODE_STRENGTH

Display name: Worx PIN Strength Requirement

This key defines the strength of the Worx PIN or passcode. When you change this setting, users are prompted to set a new Worx PIN or passcode the next time they are prompted to authenticate.

Possible values: Low, Medium, or Strong

Default value: Medium

The following table describes the password rules for each strength setting based on the setting you select for PASSCODE_TYPE:

Passcode strength: Low

Rules for numeric passcode type:
All numbers, any sequence allowed

Rules for alphanumeric passcode type:
Must contain at least one number and one letter.
Not allowed: AAAaaa, aaaaaa, abcdef
Allowed: aa11b1, Abcd1#, Ab123~, aaaa11, aa11aa

Passcode strength: Medium (default setting)

Rules for numeric passcode type:
1. All numbers cannot be the same. For example, 444444 is not allowed.
2. All numbers cannot be consecutive. For example, 123456 or 654321 is not allowed.
Allowed: 444333, 124567, 136790, 555556, 788888

Rules for alphanumeric passcode type:
In addition to the rules for Low passcode strength:
1. Letters and all numbers cannot be same. For example, aaaa11, aa11aa, or aaa111 are not allowed.
2. Letters cannot be consecutive and numbers cannot be consecutive. For example, abcd12, bcd123, 123abc, xy1234, xyz345, or cba123 are not allowed.
Allowed: aa11b1, aaa11b, aaa1b2, abc145, xyz135, sdf123, ab12c3, a1b2c3, Abcd1#, Ab123~

Passcode strength: Strong

Rules for numeric passcode type:
Same as for the Medium Worx PIN passcode strength.

Rules for alphanumeric passcode type:
The passcode should include at least one number, one special symbol, one capital letter, and one small letter.
Not allowed: abcd12, Abcd12, dfgh12, jkrtA2
Allowed: Abcd1#, Ab123~, xY12#3, Car12#, AAbc1#
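The rules in the table above can be expressed as a checker and run against the table's own examples. This is an added example, not Citrix code; the function names are hypothetical. The wording of alphanumeric rule 2 is ambiguous, so the code assumes the one reading that reproduces every Allowed and Not allowed entry in the table: a passcode is rejected only when every contiguous block of letters and every contiguous block of digits is an ascending or descending sequence of two or more characters, compared case-sensitively.

```python
import re

def _all_same(s):
    return len(set(s)) == 1

def _is_run(s):
    # True when each character is exactly one above (or one below) the previous one.
    steps = {ord(b) - ord(a) for a, b in zip(s, s[1:])}
    return len(s) >= 2 and steps in ({1}, {-1})

def numeric_ok(pin, strength):
    """PASSCODE_TYPE = Numeric. strength is Low, Medium or Strong."""
    if not re.fullmatch(r"[0-9]+", pin):
        return False
    if strength == "Low":
        return True                      # any digit sequence is accepted
    # Medium and Strong share the numeric rules: not all identical, not one run.
    return not _all_same(pin) and not _is_run(pin)

def alphanumeric_ok(code, strength):
    """PASSCODE_TYPE = Alphanumeric. strength is Low, Medium or Strong."""
    letters = "".join(re.findall(r"[A-Za-z]", code))
    digits = "".join(re.findall(r"[0-9]", code))
    if not letters or not digits:        # Low: at least one letter and one number
        return False
    if strength == "Low":
        return True
    # Medium rule 1: all letters identical and all digits identical is rejected.
    if _all_same(letters) and _all_same(digits):
        return False
    # Medium rule 2 (assumed reading, see lead-in): reject only when every
    # contiguous letter block and digit block is itself a sequence.
    blocks = re.findall(r"[A-Za-z]+|[0-9]+", code)
    if all(_is_run(b) for b in blocks):
        return False
    if strength == "Medium":
        return True
    # Strong: additionally needs a lowercase letter, a capital and a special symbol.
    return (any(c.islower() for c in code) and any(c.isupper() for c in code)
            and any(not c.isalnum() for c in code))
```

Running the table's Medium examples through the checker shows how narrow the default is: 555556 and 788888 pass for numeric PINs, and sdf123 passes for alphanumeric passcodes.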

 

ENABLE_CRASH_REPORTING

Display name: Enable Crash reporting

This key enables or disables crash reporting using Crashlytics for Worx apps.

Possible values: true or false

Default value: true

DISABLE_LOGGING

Display name: Disable logging

This key lets you disable the ability for users to collect and upload logs from their devices. Logging is disabled for Worx Home and for all installed MDX apps. Users cannot send logs for any app from the Support page; even though the mail composition dialog box appears, logs are not attached, but a message is appended saying that logging is disabled. In addition to the effect on users’ devices, you cannot modify log settings in the XenMobile console for Worx Home and MDX apps.

When this key is set to true, Worx Home sets Block application logs to true, ensuring that MDX apps stop logging when the new policy is applied.

Possible values: true or false

Default value: false (logging is not disabled)