.svg)
Enpass supports a set of app configuration keys that administrators can set prior to deployment. These keys are applied when the application is first installed and allow you to enforce organizational policy and pre-populate user-specific data without requiring manual input from users.
Supported Keys
|
Key |
Type |
Required |
Platforms |
|---|---|---|---|
|
|
Boolean ( |
Mandatory (recommended) |
All |
|
|
String (email address) |
Optional |
All |
|
|
String (path) |
Optional |
Windows only |
policy-enforced
Enforces organizational policy from the first app launch. When set to true, users cannot use Enpass until they complete the activation process tied to policy-email. This ensures all users are activated under your organization's license before gaining access to their vault.
Setting this key to true is a mandatory security practice for enterprise deployments.
Values: true | false
policy-email
Pre-populates the user's email address in the Enpass activation screen. This should be mapped to a dynamic variable in your UEM/MDM solution so that each user's address is automatically filled in, saving them from entering it manually.
This key has no effect unless policy-enforced is also set to true.
Value: A valid email address or a dynamic UEM variable.
policy-enforced-data-location
(Windows only) Sets a fixed path for where Enpass stores its vault data on the device. Once configured, users cannot change the data storage location from within the app. This is particularly useful in Citrix and VDI environments where the default app data path may not persist across sessions or conflicts with the roaming profile configuration. Redirecting to a path within the user's persistent profile ensures vault data is retained between sessions.
Value: A valid filesystem path string. In most environments this should be tied to the user's profile, for example C:\Users\%USERNAME%\AppData\Roaming\Enpass.