Add dashboard administrators
You add groups using
Microsoft Active Directorygroups to the Dashboard Administrators setting and give members of the group dashboard login and configuration permissions. You can add one or more groups, but the group must be a part of the security groups. Users who are members of the Local Administrators group can also log in to
You can also configure
BEMSto require users to log in to the
BEMSDashboard using certificate-based authentication. When you enable certificate-based authentication,
BEMScontacts the LDAP server and verifies the following information for the
- The user account is enabled.
- The user belongs to a security group that can log in to theBEMSDashboard.
If you choose to enable certificate-based authentication, verify the following:
- You have access to the root and intermediate certificates from the certificate authority (CA). You can upload a base64-encoded or binary-encoded format certificate file that includes one or more trusted certificates to theBEMSDashboard. When you upload one or more certificate files, the certificates are displayed in the dashboard.BEMSsupports the following file extensions: .cer, .der, .pem, and .crt. For information about creating a .pem file that includes multiple certificates, visit http://support.blackberry.com/community to read article 57259.
- Do not save the certificate file with a .pfx extension. PFX file extensions are not supported.
- HaveBEMSadministrators import the user credential certificates in the PersonalWindowscertificate store on the computer that is used to login to theBEMSDashboard.
- In theBlackBerry Enterprise Mobility Server Dashboard, underBEMS System Settings, clickBEMS Configuration.
- ClickDashboard Administrators.
- ClickAdd Group.
- In theActive Directory Security Groupfield, type the name of theMicrosoft Active Directorysecurity group.
- Repeat steps 3 to 5 to add additional security groups.
- Optionally, complete the following steps to require users to use certificate based authentication to login to theBEMSDashboard.
- Select theEnable Client Certificate Authenticationcheckbox.
- ClickChoose File. Navigate to and select the client certificate file.
- Enter the LDAP server information details.
- In theLDAP Server Namefield, type the name of the LDAP server. For example, ldap.<DNS_domain_name>.
- In theLDAP Server portfield, type the port number of the LDAP server. By default, the port number is 389.
- Optionally, select theEnable SSL LDAPcheckbox to tunnel data through an SSL-encrypted connection. If you enable SSL LDAP, the port number defaults to 636.
- Enter the LDAP username and password. In aMicrosoft Active Directoryenvironment, enter the username in the formatdomain\username.
- Restart each instance ofBEMS.
If you configured your environment for
BEMSadministrators to use certificate based authentication, verify that users are prompted to select a certificate when they log in to the
BEMSAdministrators experience an issue logging in to the dashboard using certificate authentication, they can log in with their user credentials.