          Manage Mobile Policies for a Connected App: Mobile PIN Timeout Control

          This security setting defines the maximum duration of inactivity permitted before the mobile application locks the interface and requires the user to re-authenticate.

          Control Name

          Connected Apps: Manage Mobile Policies for a Connected App: Mobile PIN Timeout

          Recommended Configuration

          Require PIN after: select "5 minutes".

          Control Overview

          This security setting defines the maximum duration of inactivity permitted before the mobile application locks its interface and requires the user to re-authenticate with a numeric personal identification number (PIN) or a biometric credential. The lock is applied by the app on the device itself; it does not by itself revoke the app's server-side session or OAuth tokens, so it complements, rather than replaces, session and token policies.

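          The following is an added illustration of how an inactivity lock of this kind is typically enforced on the device; it is not Salesforce Mobile SDK code and does not come from this article. It assumes a set of picklist values (none, 1, 5, 10 and 30 minutes) and a persisted "last activity" timestamp, both of which are assumptions for the example. The points it shows are the ones a reviewer checks: the decision is made from a persisted wall-clock timestamp on every resume (a running timer would be lost when the app is killed), the absence of a record or a clock that has moved backwards fails closed, and the timeout chosen determines how long a finder of the device keeps access.

```python
"""Illustrative inactivity-lock model for a mobile PIN policy.

Added example; not the Salesforce Mobile SDK implementation.
"""
from dataclasses import dataclass
from typing import Optional

# Assumed picklist values in minutes; 0 stands for "no PIN required".
PIN_TIMEOUT_CHOICES = (0, 1, 5, 10, 30)


@dataclass
class PinPolicy:
    require_pin_after_minutes: int

    def __post_init__(self) -> None:
        if self.require_pin_after_minutes not in PIN_TIMEOUT_CHOICES:
            raise ValueError(f"unsupported timeout: {self.require_pin_after_minutes}")

    @property
    def timeout_seconds(self) -> Optional[int]:
        """None when the policy is disabled, otherwise the timeout in seconds."""
        if self.require_pin_after_minutes == 0:
            return None
        return self.require_pin_after_minutes * 60


class InactivityLock:
    """Client-side lock keyed on the wall-clock time of the last interaction.

    `stored_last_activity` stands in for a value the app would persist to
    local storage, so the check survives the app being backgrounded or killed.
    """

    def __init__(self, policy: PinPolicy,
                 stored_last_activity: Optional[float] = None) -> None:
        self.policy = policy
        self.last_activity = stored_last_activity
        # Fail closed: with a PIN policy in force and no record of activity
        # (fresh install, cleared storage), start locked.
        self.locked = (stored_last_activity is None
                       and policy.timeout_seconds is not None)

    def record_activity(self, now: float) -> None:
        """Called on user interaction; only an unlocked app extends the window."""
        if not self.locked:
            self.last_activity = now

    def on_resume(self, now: float) -> bool:
        """Decide on foreground/resume whether the PIN screen must be shown."""
        timeout = self.policy.timeout_seconds
        if timeout is None:
            return False  # policy disabled: never lock
        if self.last_activity is None or now < self.last_activity:
            # No record, or the clock moved backwards (tampering or reset):
            # treat as expired rather than trusting the timestamp.
            self.locked = True
        elif now - self.last_activity >= timeout:
            self.locked = True
        return self.locked

    def unlock(self, pin_verified: bool, now: float) -> bool:
        """Clear the lock after a successful PIN/biometric check."""
        if pin_verified:
            self.locked = False
            self.last_activity = now
        return not self.locked


def finder_has_access(policy: PinPolicy, last_use: float, found_at: float) -> bool:
    """Would someone who picks up the device at `found_at` get in without a PIN?

    Models the threat scenario in the article: the legitimate user stopped at
    `last_use` (seconds), the device is opened again at `found_at`.
    """
    lock = InactivityLock(policy, stored_last_activity=last_use)
    return not lock.on_resume(found_at)


if __name__ == "__main__":
    five = PinPolicy(5)
    thirty = PinPolicy(30)
    # Constructed scenario: device found 20 minutes after last use.
    print("5-minute policy, found after 20 min:", finder_has_access(five, 0, 20 * 60))
    print("30-minute policy, found after 20 min:", finder_has_access(thirty, 0, 20 * 60))
```

The same model also makes the "Low Risk When" case concrete: an MDM-enforced device screen lock is a separate, outer check, so the app-level timer above is the last line of defense only when that outer lock is absent or weaker.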
          Security Risk If Not Configured

          If the PIN timeout is long or disabled, a lost or stolen device that was in use shortly before stays usable by whoever finds it, with no PIN or biometric challenge, for the remainder of the interval.

          Threat Scenarios

          An attacker gains physical possession of a mobile device shortly after the legitimate user stops using it, and reads or exports sensitive customer data through the still-unlocked app because the inactivity timer has not yet triggered a re-authentication challenge.

          Estimated CVSS Score Range

          High (7.0–8.9).

          Risk Impact Considerations

          Without a short timeout, whoever holds the device can act within the app's active session and read data cached for offline use, potentially leading to a significant breach of org data confidentiality. Because the lock is enforced on the device, it should be combined with the ability to revoke the connected app's tokens when a device is reported lost.

          Higher Risk When

          When the mobile application is deployed on unmanaged personal devices or when the application is granted persistent access to high-value financial and strategic records.

          Low Risk When

          When the org uses a Mobile Device Management (MDM) solution to enforce a device-level screen lock that is at least as restrictive as the application-specific timeout. The app PIN still provides defense in depth if the device lock is bypassed or disabled.

          Business and Integration Considerations

          A 5-minute timeout is the recommended standard for high-sensitivity environments to prevent physical data breaches, while longer intervals may be appropriate for low-risk field operations to reduce repetitive authentication friction for the workforce.

          Recommended Remediation

          Go to the Mobile App Settings for the specific Connected App and set the Require PIN after value to 5 minutes so that the app locks promptly on inactivity. Verify on a test device that backgrounding the app for longer than 5 minutes produces the PIN or biometric prompt on return.

          Security Health Review Guidance

          Security Health Review identifies a 5-minute PIN timeout as a strongly recommended standard for mobile security to minimize the window of opportunity for unauthorized access following the physical loss of a device.
