Skip Navigation
  1. BlackBerry Docs
  2. BlackBerry Enterprise ID
  3. BlackBerry Enterprise Identity Administration Guide
  4. Using authenticator level ranking and authentication policies to manage security
  5. Allowing users to authenticate with PingFederate
  6. Create a BlackBerry Enterprise Identity policy for PingFederate users

Create a
BlackBerry Enterprise Identity
 policy for
PingFederate
 users

  1. In the
    BlackBerry UEM
     console, on the menu bar, click
    Policies and Profiles > BlackBerry Enterprise Identity > Add a policy
    .
  2. Enter a name and description for the policy.
  3. In the
    Minimum authenticator
     level drop-down, select the number that corresponds to the authentication level for one of the Authentication levels for
    Ping Identity
     on the
    Settings > BlackBerry Enterprise Identity > Settings
     screen. You can choose a level that corresponds to the following options: Ping password, Ping password + BlackBerry 2FA, or Ping password + PingID.
  4. Optionally, you can add a Risk scenario which provides additional security if certain conditions exist, such as if a user is not on an internal network. In the
    Risk scenarios
     table, click
    +
    .
  5. Enter a name and description for the risk scenario.
  6. Select a Minimum authentication level that corresponds to one of the Authenticator levels for Ping on the Settings > BlackBerry Enterprise Identity > Settings screen. You can choose to allow your users to enter only their password or respond to a
    BlackBerry 2FA
     prompt or enter their PingID if any of the risk factors are present when the user logs into the service. Choose from the following Risk factors:
    • Network detection
      : If you want to assess whether a user's app or browser is connected to the same network as
      BlackBerry UEM
      , select the Network detection option, and in the Configuration drop-down list, select the desired option.
    • Browser detection
      : If you want to establish a reference of trust between the browser and
      Enterprise Identity
       the first time that the user opens a browser, select the Browser detection option, and in the Configuration drop-down list, select the desired option.
    • BlackBerry Persona
      : If you want to use
      CylancePERSONA Mobile
       risk levels and geozones as risk factors, choose the
      CylancePERSONA
       option
  7. Click
    Save
    .
  8. Click
    Save
    .
Assign the policy to your organization’s
PingFederate
 users. If you have your users configured in a group, you can follow the Assign an Enterprise Identity policy to a user group topic to easily assign the policy to all the users at once.