Setting a passcode policy requires your end-users to enter a passcode, providing a first layer of defense for sensitive data on devices. The container Passcode profile is required to initiate the creation of the Knox Container.


  1. Navigate to Devices > Profiles & Resources > Profiles > Add > Add Profile > Android (Legacy).
  2. Select Container.
  3. Configure the profile's General settings. These General profile settings determine how the profile is deployed and who receives it.
  4. Access the Passcode tab and configure the following settings:
    Setting Description
    Fingerprint Authentication

    Enable this option to allow user to unlock the Knox container using their fingerprint.

    The available settings, if enabled are:

    • Multifactor Authentication
    • Maximum Number of Failed Attempts
    • Device Lock Timeout (in Minutes)
    Important: Samsung requires users to have a backup PIN.
    Multifactor Authentication

    Enable this option to require a two-step unlock process.

    The content must include a PIN or pattern and a fingerprint as the second authentication factor.

    This option only displays when Fingerprint Authentication is enabled.

    Minimum Passcode Length Enter the minimal number of passcode characters allowed.
    Maximum Number of Failed Attempts Enter the number of times a passcode can be entered incorrectly before the Knox container is disabled.
    Passcode Content

    Determine the strength of the passcode. More text boxes display based on the selection chosen.

    Important: For Knox v2.2 and above, if the minimum number of complex characters in the password set by the profile is greater than 4, then at least one lowercase character and one uppercase character are required.
    Maximum Passcode Age Enter the maximum number of days before a passcode must be changed.
    Passcode History Determines the number of passwords stored for a user account before an old password can be reused.
    Device Lock Timeout (in Minutes) Set how much time can lapse before the Knox container automatically locks.
    Maximum Length of Numeric Sequences Set the allowed length of a passcode sequence.
    Minimum Number of Characters Changed Set how many characters can be reused from a previous passcode.
    Forbidden Strings

    Enter the characters that cannot be used in a passcode.

    Select Addto insert more settings.

    Password Visibility Enable to allow users to view passcode as it is entered. If disabled, the passcode shows as asterisks when entered.
  5. Select Save & Publish.