Allow autofill service usage as a work profile managed app in EMM scenarios
Checks
- [x] I have read the Wiki, searched the open issues, and still think this is a new bug.
Explain the problem clearly and succinctly:
As of now, KeePassDX can't be used as an autofill service on work profiles in phones with Android 15 installed or higher. Customers get this screen upon selecting another autofill service:
And a pop-up saying "Blocked by your IT admin" appears upon clicking on the disabled entry.
On the Google Admin side, we can't really control this setting since it's not available as a setting we can toggle:
Compare this to another password manager app, like Bitwarden:
Where the setting is toggleable.
Describe what you expected to happen:
This setting should be available for admins to edit so customers can use KeePassDX in their work profiles as an autofill service. I haven't tested this on versions earlier than 15, but it's present on 15 and 16.
KeePassDX version:
4.1.9
Build:
Free
Database version:
No response
File provider (content:// URI)
No response
Android version:
15+
Android device:
Motorola, Samsung
Additional context:
I've contacted Google Workspace Support, and they have sent me the following:
The issue pertains to the application's compliance with the Android Enterprise API for managed password services, which enables the "Password manager for Android 15+" toggle within the Admin console.
Specifically, there is a special app policy to specify whether to allow the user to define the credential provider app. If you are using the Android Management API, this can be achieved by adding the credential_provider_policy to your policy.
Please refer to the following resources:
Community Discussion on Android 15+ Password App: https://www.androidenterprise.community/discussions/conversations/android-15---cannot-set-default-password-app/8708/replies/8827#M2105
Android Management API Reference for ApplicationPolicy.FIELDS.credential_provider_policy: https://developers.google.com/android/management/reference/rest/v1/enterprises.policies#ApplicationPolicy.FIELDS.credential_provider_policy
Direct Link to CredentialProviderPolicy details within the API Reference: https://developers.google.com/android/management/reference/rest/v1/enterprises.policies#ApplicationPolicy.FIELDS.credential_provider_policy:~:text=the%20home%20screen.-,CredentialProviderPolicy,-Whether%20the%20app
Apologies for the edits. I accidentally hit Ctrl+Enter in the middle of writing.
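The per-app policy named in the support reply above can be checked offline before a policy is pushed. This is an added example, not code from KeePassDX or Google. It assumes the policy is in the Android Management API JSON form, where the field is spelled `credentialProviderPolicy`, and the package names are constructed placeholders.

```python
import copy

# Enum values from the Android Management API policy resource.
ALLOWED = "CREDENTIAL_PROVIDER_ALLOWED"
DEFAULT_UNSPECIFIED = "CREDENTIAL_PROVIDER_POLICY_DEFAULT_UNSPECIFIED"
DEFAULT_DISALLOWED = "CREDENTIAL_PROVIDER_DEFAULT_DISALLOWED"
DEFAULT_EXCEPT_SYSTEM = "CREDENTIAL_PROVIDER_DEFAULT_DISALLOWED_EXCEPT_SYSTEM"

# Constructed sample policy; package names are placeholders.
SAMPLE_POLICY = {
    "applications": [
        {"packageName": "com.example.passwordmanager", "installType": "AVAILABLE"},
        {"packageName": "com.example.mail", "installType": "FORCE_INSTALLED"},
    ],
}


def audit_credential_providers(policy):
    """Report which managed apps the policy lets act as credential providers."""
    default = policy.get("credentialProviderPolicyDefault", DEFAULT_UNSPECIFIED)
    if default == DEFAULT_UNSPECIFIED:
        default = DEFAULT_DISALLOWED  # unspecified falls back to disallowed
    allowed, blocked = [], []
    for app in policy.get("applications", []):
        target = allowed if app.get("credentialProviderPolicy") == ALLOWED else blocked
        target.append(app.get("packageName", "<missing packageName>"))
    return {
        "default": default,
        "oem_defaults_allowed": default == DEFAULT_EXCEPT_SYSTEM,
        "allowed": sorted(allowed),
        "blocked": sorted(blocked),
    }


def allow_credential_provider(policy, package_name):
    """Return a copy of the policy with one listed app allowed as a provider."""
    updated = copy.deepcopy(policy)
    for app in updated.get("applications", []):
        if app.get("packageName") == package_name:
            app["credentialProviderPolicy"] = ALLOWED
            return updated
    raise KeyError(f"{package_name} is not in the policy's applications list")


if __name__ == "__main__":
    print("before:", audit_credential_providers(SAMPLE_POLICY))
    fixed = allow_credential_provider(SAMPLE_POLICY, "com.example.passwordmanager")
    print("after: ", audit_credential_providers(fixed))
```

An app left in `blocked` here corresponds to the greyed-out entry described in the report: it is installed in the work profile but cannot be picked as the credential provider.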
I don't quite understand what needs to be added to KeePassDX for the special app policy to be validated and add the needed setting. If it's related to the integration of https://github.com/Kunzisoft/KeePassDX/issues/2139, then it will be implemented in version 5.0.0 of KeePassDX.
That does indeed seem related, so I'd be more than happy to test out the integration you've mentioned internally! I'll closely follow that issue as well.