Creating directory-linked groups
You can create groups in BlackBerry UEM that are linked to one or more groups in your company directory. These BlackBerry UEM groups are called "directory-linked groups." Only directory user accounts can be members of a directory-linked group.
You must create directory-linked groups because Microsoft Intune app protection profiles can be assigned only to directory-linked groups. The directory-linked group must be a security group in Microsoft Active Directory. If the group is a distribution group, users won't have the appropriate permissions and cannot log in after the BRIDGE app is installed on their device. For more information on Microsoft Intune app protection profiles, see Managing apps protected by Microsoft Intune.
At a scheduled interval, BlackBerry UEM automatically synchronizes the membership of a directory-linked group with its associated company directory group or groups. Users that were added to or removed from the company directory group are added to or removed from the directory-linked group.
When users are moved into a company directory group that is linked to a directory-linked group, they are assigned the policies, profiles, and apps that are assigned to the group. When users are removed from a company directory group that is linked to a directory-linked group, the policies, profiles, and apps are removed from the user.
Each directory-linked group can link to only a single company directory. For example, if BlackBerry UEM has two Microsoft Active Directory connections (A and B), and you create a directory-linked group that is linked to connection A, you can link only to directory groups from connection A. You must create new directory-linked groups for any other directory connections.
To enable this feature, see the following:
- In an on-premises BlackBerry UEM environment, see Enable directory-linked groups in the Configuration content.
- In a BlackBerry UEM Cloud environment, see Enable directory-linked groups in the Configuration content.
Synchronizing directory-linked groups does not add or delete users in BlackBerry UEM. To allow BlackBerry UEM to create user accounts when new company directory users are created, you must enable and configure onboarding. For more information, see the following:
- In an on-premises BlackBerry UEM environment, see Enabling onboarding in the Configuration content.
- In a BlackBerry UEM Cloud environment, see Enabling onboarding in the Configuration content.
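The security-group requirement described above can be checked before a directory group is linked. The following is an added example, not BlackBerry or Microsoft code: it reads the Active Directory groupType attribute from an LDIF export of candidate groups and lists any that are distribution groups. The sample LDIF, the group names and the function names are constructed for illustration.

```python
# Added example: flag Active Directory groups that are not security groups.
# groupType is a 32-bit flag field; LDAP tools print it as a signed integer,
# so a security group shows up as a negative number.
SECURITY_ENABLED = 0x80000000
SCOPES = {0x2: "Global", 0x4: "DomainLocal", 0x8: "Universal"}

# Constructed sample in simple LDIF form (no folded or base64 lines).
# Group names and DNs are made up.
SAMPLE_LDIF = """\
dn: CN=UEM-Intune-Sales,OU=Groups,DC=example,DC=com
objectClass: group
groupType: -2147483646

dn: CN=Sales-Announcements,OU=Groups,DC=example,DC=com
objectClass: group
groupType: 8

dn: CN=UEM-Intune-Field,OU=Groups,DC=example,DC=com
objectClass: group
groupType: -2147483640
"""

def classify(group_type):
    """Return (category, scope) for a groupType value."""
    value = int(group_type) & 0xFFFFFFFF  # undo the signed representation
    category = "Security" if value & SECURITY_ENABLED else "Distribution"
    scope = next((n for bit, n in SCOPES.items() if value & bit), "Unknown")
    return category, scope

def parse_groups(ldif):
    """Return a list of (dn, category, scope) for each group record."""
    groups = []
    for record in ldif.strip().split("\n\n"):
        attrs = {}
        for line in record.splitlines():
            key, sep, val = line.partition(": ")
            if sep:
                attrs.setdefault(key.lower(), val)
        if "dn" in attrs and "grouptype" in attrs:
            groups.append((attrs["dn"], *classify(attrs["grouptype"])))
    return groups

def unsuitable(ldif):
    """DNs of groups that should not back a directory-linked group."""
    return [dn for dn, cat, _ in parse_groups(ldif) if cat != "Security"]

if __name__ == "__main__":
    for dn, category, scope in parse_groups(SAMPLE_LDIF):
        status = "ok" if category == "Security" else "DO NOT LINK"
        print(f"{status:12} {category:12} {scope:12} {dn}")
```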