IBM Traveler settings restrictions and default settings

IBM® Notes® Traveler Settings are supported in on-premises policies for service users. Be aware of the policy restrictions and default settings within the service.

For information about creating a Traveler policy settings document and all of the available settings, see the topic on creating a Traveler policy settings document in the Traveler 9.0.1 documentation.

Note: Security Settings can determine which devices and device versions can connect to the service. For information on supported devices and operating systems, see the IBM SmartCloud® Notes client requirements.

The following table describes the IBM Traveler policy settings that the service enforces. You cannot use an on-premises policy to change the setting values.

Table 1. Enforced IBM Traveler Settings
Setting Enforced value
Prohibit devices incapable of security enablement

Enabled

In general, this setting applies only to older mobile devices that do not support security enablement. For supported devices, see the IBM SmartCloud Notes client requirements.

Device Access
  • Require approval for device access (disabled)
  • Number of devices to allow per user before approval is required (1)
  • Optional: Addresses to notify when approval action is pending (none)
Maximum Email Attachment Size Allowed - Administrator

No limit. The service always syncs attachments to the devices.

The following table describes the Traveler Security Settings for device passwords that are enabled by default in the service. Device passwords are required by default but you can use an on-premises policy to disable this requirement or to customize device password settings.
Table 2. Default Traveler Security Settings for device passwords
Setting Default value in the service
Require device password Enabled.

If you require device passwords, Apple 5S and higher device users choose whether to enable the fingerprint identity sensor. If they enable the sensor, they are not required to enter the device password when they unlock the device. They are still prompted for the device password when they power on the device and at least once every 48 hours. Apple does not yet provide an API function that enables administrative control over the use of the fingerprint identity sensor.

If you require device passwords, Windows Tablet requires a device password of at least eight characters. The password must include at least three of the following types of characters: upper case, lower case, number, special character.

Note: If you do not want to require device passwords, select Do not require device password. This option is available through a modified version of the 9.0.1 Domino Directory template. For information on getting the latest template, see Technote 4037141.
Require device password > Prohibit ascending, descending and repeating sequences (Apple devices only) Enabled.

When enabled, ascending, descending and repeating sequences are not allowed. A sequence is three or more consecutive numbers or characters.

Require device password > Minimum password length 4
Require device password > Require alphanumeric value Disabled
Require device password > Auto lock period (maximum) 30 minutes
Require device password > Wrong passwords before wiping device Disabled
Require device password > Device password expiration 90 days
There is no Security Settings tab for Android devices in Domino® directory templates version 8.5.2 or earlier. For these template versions, the service applies Apple device security settings to Android devices. Android devices do not support all of the Apple device security policy settings, just the following ones:
  • Require device password
  • Require alphanumeric value
  • Minimum password length
  • Auto lock period (maximum)
  • Wrong passwords before wiping device
  • Prohibit devices incapable of security enablement *
* Compliance requires Android OS 2.2 or later with the IBM Traveler Device Administrator feature enabled by the user. The Device Administrator feature was added in Android 2.2.
There is no Security Settings tab for Windows Phone, and Windows Tablet devices in Domino directory templates version 9.0 or earlier. For these template versions, the service applies the following Apple device security settings to Windows Phone, and Windows Tablet devices:
  • Require device password
  • Require alphanumeric value
  • Minimum password length
  • Auto lock period (maximum)
  • Wrong passwords before wiping device