Skip Navigation
  1. BlackBerry Docs
  2. BlackBerry Enterprise ID
  3. BlackBerry Enterprise Identity Administration Guide
  4. Managing authentication policies
  5. Create an Enterprise Identity authentication policy

Create an
Enterprise Identity
 authentication policy

Complete the following task to create an
Enterprise Identity
 policy for user groups.
  1. In the
    BlackBerry UEM
     console, on the menu bar, click
    Policies and Profiles
     >
    BlackBerry Enterprise Identity
    .
  2. Click the The Add icon beside
    Authentication policies
    .
  3. Enter a name and description for the profile.
  4. In the
    Minimum authentication level
     drop-down list, specify an authentication level. For more information, see Managing authentication levels.
  5. In the
    Risk scenarios
     table, click The Add icon.
  6. Enter a name, and description.
  7. In the
    Minimum authentication level
     drop-down list, select the desired authentication level that you want to be applied when the risk factors are met.
  8. In the
    Risk factor combination
     list, choose one of the following options:
    • If you want to apply all selected risk factors to the scenario, select
      All selected factors are present
    • If you want to have any of the selected risk factors apply to the scenario, select
      Any of the selected factors is present
  9. If you want to assess whether a user's app or browser is connected to the same network as the
    BlackBerry UEM
     server, select the
    Network detection
     option, and in the
    Configuration
     drop-down list, select the desired option. Note that you cannot enable the network detection risk factor in
    BlackBerry UEM Cloud
    .
  10. If you want to establish a reference of trust between the browser and
    Enterprise Identity
     the first time that they open a browser, select the
    Browser detection
     option, and in the
    Configuration
     drop-down list, select the desired option.
  11. If you want to use
    CylancePERSONA Mobile
     risk levels and geozones as risk factors, choose the
    BlackBerry Persona
     option and select from the following options:
    • Behavioral risk level
      :
      CylancePERSONA
       cloud services in the
      BlackBerry Infrastructure
       gather and process app data and use it to calculate a risk level for each user.
    • Admin-defined geozone
      : Choose a geozone that your organization's
      BlackBerry UEM
       administrator created.
      For more information about risk levels and geozones, refer to the
      CylancePERSONA Mobile
       content.
    • Geozone risk level
      : Choose from High, Medium, or Low. This setting specifies a level of risk that can be attributed to a user by comparing the user's physical location to the region contained within an Admin-defined geozone or a learned geozone.
  12. Click
    Save
    .
  13. If you want to create an exception for any of your organization's services, click
    Manage service exceptions
    , select the service from the list, and set up any necessary risk scenarios for the service.
  14. If necessary, repeat steps 5 to 11 to add additional risk scenarios. Note that each risk scenario must use a unique set of risk factors.
  15. Click
    Save
    .