MFA Guides

Bluetooth Method

The Bluetooth content area enables administrators to establish, configure, enable and maintain Bluetooth devices, which includes the in-range and out-of-range behaviors along with the range type and prompt time.


There are four OTP content areas.

Table 30. bluetooth OTP content

Content area


Profile List

Profile ListProfile List provides an overview of the configured Bluetooth Profiles, including the configured policy.


Policies provides the ability for organizations to establish Bluetooth usage policies and selection criteria for securing OTP Tokens protected with a timeout of the token and max attempts.

New Profile

New Profile provides the ability for organizations to create custom profiles that can pair with Bluetooth policy with Sets and assigned to users.

New PIN Policy

New PIN Policy provides the ability to create custom PIN policies for Bluetooth authentication.

Bluetooth - Profile List

By default, RapidIdentity Server has a single profile for Bluetooth.

The Default profile contains a default PIN Policy with these settings.

Table 31. Default PIN Policy settings



Require PIN

Yes. User must provide PIN in addition to fingerprint to login but not to unlock a locked session.

In Range Behavior

0. This value indicates “none”.

Out of Range Behavior

1. This value indicates “lock”.

Out of Range Type

2. This value indicates “prompt keypress cancel”.

Prompt time (seconds)


Secure Logon Password (required)

No. If set to “Yes”, a user’s password will be randomized and unknown to the user upon enrollment.

Administrators can remove a profile by clicking Delete or edit a profile by clicking Edit.

Bluetooth - Edit Profile

After editing the Bluetooth Profile settings, click Save or Cancel to discard.

Bluetooth - PIN Policies

The PIN Policies content area provides the ability for organizations to create custom PIN policies and edit out-of-the-box PIN policies.


Bluetooth PIN Policies function identically to Biometric PIN Policies.

Bluetooth - New Profile

In order to assign a new Profile to a Set, administrators must first create the new Profile.

Follow these three steps to create a new Profile.

  1. Click New Profile.

  2. Enter a Name and Description and modify the criteria as needed.

    1. Choose Require a PIN for Workstation Logon if the user is to be prompted for a password when presenting their authentication method.

    2. Choose Do NOT Require PIN for Workstation Unlock when the system is locked and the user presents their authentication method. The user will NOT be asked to enter a password.

    3. Choose Secure Logon Password has a default set to No. If this is enabled, when the user presents their finger to the reader the user’s password will be randomized and unknown to the user.

  3. Click Save or Cancel to discard.

Bluetooth - New PIN Policy

To create a new PIN Policy, click New PIN Policy.


Name the new policy and adjust the criteria as necessary. When complete, click Save or Cancel to discard.

Table 32. Bluetooth adjust criteria




The name of the PIN Policy.

Attempts until PIN is Blocked

This number represents how many incorrect attempts can be made before the RapidIdentity Windows Client will block the user’s login process.

Number of PINs to Keep in History

This number determines how many PINs are stored at a given time.

Minimum/Maximum PIN Length

Determines the length of the PIN that is used on enrollment and logging into the system.

PIN Expiration Days

Determines how long the registered PIN will last before expiring.

PIN must meet complexity requirements

Determines how complex the PIN must be.

Windows Password as PIN

The user’s Active Directory password will be used as PIN.

No more than three repeated characters

PIN cannot have three repeated characters. (Example: 111, 444)

No more than three consecutive characters

PIN cannot have consecutive characters. (Example: 123, 456)

Must contain alpha and numeric characters

PIN must have both a letter and number. (Example: A1B, C2D)

Must only contain numeric characters

PIN can only have numbers. (Example: 159, 753)

Must contain special characters

PIN must have a special character. (Example: !23, @34)

Number of PINs to Keep in History

This number determines the number of PINs we would remember before allowing those previous PINs to repeat.

Risk-Based PIN

RBA will prompt when the RapidIdentity Windows Client detects a different type of authentication upon login.

Use PingMe instead of PIN

The user authenticates with PingMe during Bluetooth authentication instead of entering a PIN.