Applies to: Admins, Managers
Note: PIN-Enabled Devices is going to launch as the sole experience to all Endear customers late June 2026. Reach out if you have specific questions about if you will be impacted.
Endear is changing the way we support PIN code login. The original legacy model, required a manager has to be signed in on a shared device first; the newer PIN-enabled devices model is where the device itself is trusted and PIN users can login directly. This article walks through the changes that are coming with the new PIN-enabled devices launch.
At a glance
| Legacy PIN code login | PIN-enabled devices |
How trust works | The signed-in manager session is the trusted context. PIN users can sign in only while a manager is active. | The device is the trusted context. PIN users can sign in any time, as long as the device is registered. |
Who needs to be signed in first | A manager or admin must be signed in on the shared device as the "primary" account. | No one. Once the device is registered, PIN users can sign in directly. |
Auto-logout behavior | After 10 minutes of inactivity, the manager's session ends — and every PIN user on that device loses access until a manager comes back to sign in. | After 10 minutes of inactivity, the current user is signed out and the device returns to the account picker, ready for the next person. |
Device registration step | None. | An admin or manager registers each device, either in person or remotely via an activation code. |
Device management | None. | Visible list of every registered device. Admins can rename, audit, and disable devices. |
How the legacy model works
In the legacy model, PIN code login depends on a manager being signed in.
A manager or admin signs in on a shared device with their full credentials (email + password, plus MFA where required).
While that manager session is active, any user on the team can sign in with their PIN.
If the manager session times out (after 10 minutes of inactivity), all PIN users lose access until the manager signs in again.
How PIN-enabled devices work
In the new model, Endear trusts the device itself.
An admin or manager registers a device as PIN-enabled — either by registering the device they're physically using, or by sending a staff member an activation code to register a remote device.
Once registered, any user with a PIN can sign in independently. There's no manager session anywhere in the picture.
After 10 minutes of inactivity, the current user is signed out and the device returns to the account picker. The next person at the device can sign in immediately.
If a device is lost, sold, or retired, an admin can disable PIN login on it from Endear — no PIN logins on that device until it's re-registered.
The Enterprise Security add-on
The PIN-enabled devices model is part of Endear's Enterprise Security add-on. What you get with the Enterprise Security add-on:
The PIN-Enabled Devices settings page (register devices, view the device list, see active teams).
The ability to generate and manage activation codes for remote device registration.
The ability to disable PIN login on a specific device when it's lost, sold, or retired.
Device-level trust controls that scale to multi-store and multi-team brands.
If you'd like to enable Enterprise Security for your brand, reach out to your Endear point of contact.
Still Need Help?
We are happy to assist you for more 1:1 direction. Reach out to our live chat!