Set Up and Maintain Your Salesforce Organization
          Mobile App Settings: Mobile PIN Requirement Control


          Control Name

          Connected Apps: Mobile App Settings: Mobile PIN Requirement

          Recommended Configuration

          Select the PIN Protect checkbox.

          Control Overview

          This security setting mandates a secondary layer of local authentication by requiring users to enter a numerical personal identification number or biometric equivalent before accessing the mobile application interface.

          Security Risk If Not Configured

          Disabled PIN protections for mobile connected app sessions lead to a vulnerability where local corporate data and active session tokens remain completely unprotected if the physical device is lost or stolen.

          Threat Scenarios

          An unauthorized individual gains physical possession of an unlocked mobile device and opens the Salesforce application to export sensitive contact records or internal price books because no secondary local challenge was required.

          Estimated CVSS Score Range

          High (7.0–8.9).

          Risk Impact Considerations

          Failure to enforce a local PIN facilitates immediate unauthorized access to synchronized offline data and active API sessions, potentially leading to a significant breach of confidentiality and regulatory non-compliance.

          Higher Risk When

          The mobile application is configured to store large amounts of cached data locally, or the device does not have an overarching operating system-level passcode.

          Low Risk When

          The company uses a centralized Mobile Device Management solution to enforce full-disk encryption and remote wipe capabilities on all corporate-enrolled hardware.

          Business and Integration Considerations

          Implementing mandatory PIN protection enhances data residency security but may slightly decrease user convenience by adding an additional interaction step during frequent application access.

          Recommended Remediation

          Go to the Mobile App Settings for the Connected App, select the PIN Protect checkbox, and define the desired length and session timeout requirements for the challenge.

          Security Health Review Guidance

          Security Health Review identifies local PIN enforcement as a strongly recommended standard to protect the integrity of the mobile perimeter and make sure that physical device compromise does not result in immediate data exfiltration.

           