Question: 
What does XenMobile Client properties do?

Options to enable/disable client properties


Answer:
Client properties contain information that is provided directly to Secure Hub on user devices. Client properties are located in the XenMobile console in Settings > Client > Client Properties.

Client properties are used to configure settings such as the following:

User password caching

User password caching allows the users' Active Directory password to be cached locally on the mobile device. If you enable user password caching, users are prompted to set a Citrix PIN or passcode.

Inactivity timer

The inactivity timer defines the time in minutes that users can leave their device inactive and then can access an app without being prompted for a Citrix PIN or passcode. To enable this setting for an MDX app, you must set the App passcode policy to On. If the App passcode policy is Off, users are redirected to Secure Hub to perform a full authentication. When you change this setting, the value takes effect the next time users are prompted to authenticate.

Citrix PIN authentication

Citrix PIN simplifies the user authentication experience. The PIN is used to secure a client certificate or save Active Directory credentials locally on the device. If you configure PIN settings, the user sign on experience is as follows:

1. When users start Secure Hub for the first time, they receive a prompt to enter a PIN, which caches the Active Directory credentials.

2. When users subsequently start a XenMobile app, they enter the PIN and sign on.

You use client properties to enable PIN authentication, specify the PIN type, and specify PIN strength, length, and change requirements.

Fingerprint authentication

Fingerprint authentication is an alternative to Citrix PIN when wrapped apps, except for Secure Hub, need offline authentication, such as when the inactivity timer expires. You can enable this feature in the following authentication scenarios:

Citrix PIN + Client certificate configuration
Citrix PIN + Cached AD password configuration
Citrix PIN + Client certificate configuration and Cached AD password configuration
Citrix PIN is off

If fingerprint authentication fails or if a user cancels the fingerprint authentication prompt, wrapped apps fall back to Citrix PIN or AD password authentication.

Fingerprint authentication requirements:

- iOS devices (minimum version 8.1) that support fingerprint authentication and have at least one fingerprint configured.

- User entropy must be off.