What is the minimum level of unlock method required to install a certificate in Android credential storage?

Environment

All Samsung devices supporting the Knox framework.

Summary

In order to install a certificate in Android credential storage, the device unlock method must be set to password. Credentials are stored in an encrypted credential storage and the encryption key is derived from the device password. If the device unlock method is set as pattern, fingerprint, or none, the encryption key can’t extract credential information.