How to set up passcode authentication with the AirWatch Android SDK

The AirWatch Android SDK provides an API to allow the developer to have the user authenticate their credentials against AirWatch. An application can limit its access to users by integrating user authentication. Users need to be authenticated against the AirWatch Console, whether it is for a basic enrollment user or an Active Directory account, allowing your application to follow the same corporate security policies that are enforced with your other applications and systems.

One type of authentication possible through the SDK is to use username and password credentials. 

Authentication Type




Designates a local passcode requirement for AirWatch applications or wrapped applications that have the default settings profile applied to them. Device users set their passcode on the device at the application level when they first access the application.

Username and Password

Requires a user to authenticate to AirWatch using the AirWatch credentials. Set these credentials when you add users in the Accounts area of the AirWatch Admin Console.


Requires no authentication to access the application.

Note: Authentication Type and SSO can work together or alone. If you enable an Authentication Type (passcode or username/password) without SSO, then users must enter a separate passcode or credentials for each individual application. If you enable both Authentication Type and SSO, then users enter either their passcode or credentials (whichever you configure as the Authentication Type) once and do not have to re-enter them until the SSO session terminates.

To set up your application to use a username and password to limit access, you can push down a custom SDK profile or use the default application settings set up in the Admin Console. 

In order to use the default application settings, navigate to Groups & Settings > All Settings > Apps > Settings and Policies > Security Policies and set the Authentication Type to Password.

For Passcode authentication, below are the following options:

Passcode Setting



Enable this option to require a local passcode requirement.

Authentication Timeout

Set the allowable time for access to applications before disallowing access due to inactivity. If SSO is enabled and the passcode times out, the SSO identity logs out of all AirWatch and configured corporate applications and resources.

Max Number of Failed Attempts

Set the maximum times a user can login with an incorrect passcode before having to authenticate and set a new passcode.

Passcode Mode

Set as Numeric or Alphanumeric.

Allow Simple Value

Set the passcode to allow simple strings. For example, allow strings like 1234 and 1111.

Min Passcode Length

Set the minimum number of characters for the passcode.

Min Number of Complex Characters (if Alphanumeric is selected)

Set the minimum number of complex characters for the passcode. For example, allow characters like [], @, and #.

Max Passcode Age (days)

Set the number of days the passcode remains valid before you must change it.

Passcode History

Set the number of passcodes the AirWatch Admin Console stores so that users cannot use recent passcodes.


Implementing an Authentication Wall

The example that follows demonstrates how to limit access for AirWatch users to the application developed. To do so, set up a Login View such as the one below to allow users to enter in their credentials and access the application. This allows for the application to force users to login using this view before removing the authentication wall.



In this example, a more fully functioning page demonstrates more of the SDK API capabilities. It resembles the following image: 



Attached is the xml layout file for the activity UI shown in the previous image. The next steps involve setting up the Activity class to give the buttons shown in the image above some functionality. In the OnCreate method, use the passcode policy set up in the SDK profile sent to the application. This can be done using the SDKManager’s getPasscodePolicy() method. 



Afterwards, use that passcode policy to do the following:

  • isPasscodeRequired()
  • getPasscodeComplexity()
  • getMinPasscodeLength()
  • getMaxPasscodeAge()
  • getPasscodeHistory()




After reviewing the passcode policy, use the SDKManager instance to set, validate, and reset the passcode with the following methods:

  • setPasscode()
  • validatePasscode()
  • resetPasscode()






You should now have an authentication wall that will allow a user to login and authenticate with their passcode. In this example, you will see a Toast appear with a Boolean true or false value indicating the success or failure of the validation.

Finishing Up

You should now be able to limit access to your application by implementing an authentication wall that blocks a user pending their entry of passcode. For more information, please see the Android SDK Implementation Guide as well as the javadocs that come as part of the Android SDK.

Have more questions? Submit a request


Article is closed for comments.