Skip Navigation

Enable and configure onboarding and offboarding

When you enable onboarding, you add universal or global directory groups to
UEM
as onboarding directory groups (onboarding is not supported for domain local groups). During a synchronization process, if
UEM
detects a directory user in an onboarding directory group that does not have a corresponding
UEM
user account, it creates that user account in
UEM
. When you enable onboarding you can also configure offboarding; when you disable or remove a user from an onboarding directory group,
UEM
can delete device data and remove the user from
UEM
.
When offboarding is enabled, any
UEM
user accounts that are not members of an onboarding directory group, regardless of how they were added to
UEM
, are offboarded during the next synchronization process.
  1. In the management console, on the menu bar, click
    Settings > External integration > Company directory
    .
  2. Click a company directory connection.
  3. On the
    Sync settings
    tab, select the
    Enable directory-linked groups
    check box.
  4. Select the
    Enable onboarding
    check box.
  5. Do any of the following:
    Task
    Steps
    Add onboarding directory groups and configure device activation options.
    1. Click The add icon.
    2. Search for and add universal or global directory groups.
    3. For each directory group, select whether you want to link nested groups.
    4. In the
      Device activation
      section, select whether you want onboarded users to receive an autogenerated activation password and email, or no activation password. If you select the autogenerated password option, configure the activation period and select an activation email template.
    Onboard users that you only want to use
    BlackBerry Dynamics
    apps.
    Follow these steps if you want to onboard users who will use
    BlackBerry Dynamics
    apps only. These users will not activate their devices on
    UEM
    using the
    UEM Client
    and their devices will not be managed by
    UEM
    .
    1. Select the
      Onboard users with BlackBerry Dynamics apps only
      check box.
    2. Click The add icon.
    3. Search for and add universal or global directory groups.
    4. For each directory group, select whether you want to link nested groups.
    5. Specify the number of access keys to generate per user, the access key expiration period, and the email template.
    Configure offboarding.
    If you want to delete device data when a user is offboarded from
    UEM
    , select the
    Delete device data when the user is removed from all onboarding directory groups
    check box. Do the following:
    • Select the appropriate option for the data that you want to remove from the device.
    • If you want to remove a user from
      UEM
      when that user is removed from all onboarding directory groups, select the
      Delete user when the user is removed from all onboarding directory groups
      check box.
    • If you want to delay the deletion of users and device data for two hours after a synchronization cycle, select the
      Offboarding protection
      check box. This option can help avoid unexpected deletions because of directory replication latency.
  6. If you want to force the synchronization of company directory groups, select the
    Force synchronization
    check box.
    If enabled, when a group is removed from the company directory, the links to that group are removed from directory-linked groups and onboarding directory groups. If all of the company directory groups associated with a directory-linked group are removed, the directory-linked group is converted to a local group.
  7. In the
    Sync limit
    field, type the maximum number of changes that each synchronization process can complete.
    If the number of changes to be synchronized exceeds the synchronization limit, you can prevent the synchronization process from running.
    UEM
    determines a total of the following changes: users to add to groups, users to remove from groups, users to be onboarded, and users to be offboarded.
  8. In the
    Maximum nesting level of directory groups
    field, type the number of nested levels to synchronize for company directory groups.
  9. Click
    Save
    .