Configure RSA SecurID soft token authentication

BlackBerry Work

for

iOS

and

Android

devices supports RSA SecurID soft token authentication. The software consists of an app and a separately installed, software-based security token that transfers password protection to

BlackBerry Work

contains an embedded RSA SecurID authenticator that can generate and display a 6-digit or 8-digit token code at 30 and 60 second intervals.

To use the RSA SecurID software token app for authentication,

BlackBerry Work

must be configured to support RSA token import using the Compressed Token Format (CTF) URL.

Verify that the RSA SecurID Software Token app is installed on the device. If the RSA SecurID app is not installed, the device OS displays an error or redirects the user to the

Apple

App Store

Google Play

Store.

Verify that you have provisioned the RSA SecurID software token for the user.

Verify the URL scheme for your users’ devices:

iOS

and

iPadOS

devices: com.rsa.securid://ctf/?ctfData=TOKENDATA

In the steps below, you will send a SDTID file to users’ devices.

Android

devices: http://127.0.0.1/securid/ctf?ctfData=TOKENDATA

In the steps below, you will send the seed record token data to users' devices. If you have a SDTID file, you must convert it to a CTF format. For more information, see RSA SecurID Software Token Converter Documentation.

In the

BlackBerry UEM

management console, on the menu bar, click

Apps

Search for and click

BlackBerry Work

On the

BlackBerry Dynamics

tab, in the

App configuration

table, click the app configuration that you want to edit.

On the

Interoperability

tab, complete one of the following tasks:

Task	Steps
Send the SDTID file as an attachment ( iOS and iPadOS only)	In the File Handling section, select the Enable exporting to 3rd-party native apps check box. In the drop-down list, select Allow exporting only to these apps . In the Enter App ID field, enter the RSA SecurID Software Token app ID. Send the SDTID file to your users. Request users to open the email in the BlackBerry Work app, tap the RSA token attachment, and follow the on-screen prompts to complete the authentication process.
Send the seed record token data in a clickable link in the email body ( iOS , iPadOS , and Android )	In the Launch 3rd party app section, select the Enable integration with 3rd party RSA SecurID app using CTF token seed check box. Send the seed record to your users. The seed record must be in a CTF URL format. See the Before you begin section above to verify that you are using the appropriate URL scheme for your users' devices. Request users to open the email in the BlackBerry Work app, tap the RSA token link, and follow the on-screen prompts to complete the authentication process.

Task

Steps

Send the SDTID file as an attachment (

iOS

and

iPadOS

only)

In the

File Handling

section, select the

Enable exporting to 3rd-party native apps

check box.

In the drop-down list, select

Allow exporting only to these apps

In the

Enter App ID

field, enter the RSA SecurID Software Token app ID.

Send the SDTID file to your users.

Request users to open the email in the

BlackBerry Work

app, tap the RSA token attachment, and follow the on-screen prompts to complete the authentication process.

Send the seed record token data in a clickable link in the email body (

iOS

iPadOS

, and

Android

)

In the

Launch 3rd party app

section, select the

Enable integration with 3rd party RSA SecurID app using CTF token seed

check box.

Send the seed record to your users. The seed record must be in a CTF URL format. See the

Before you begin

section above to verify that you are using the appropriate URL scheme for your users' devices.

Request users to open the email in the

BlackBerry Work

app, tap the RSA token link, and follow the on-screen prompts to complete the authentication process.

Section:

Managing BlackBerry Work