Skip Navigation

Add dashboard administrators

You add groups using 
Microsoft Active Directory
 groups to the Dashboard Administrators setting and give members of the group dashboard login and configuration permissions. You can add one or more groups, but the group must be a part of the security groups. Users who are members of the Local Administrators group can also log in to 
BEMS
.
You can also configure 
BEMS
 to require users to log in to the 
BEMS
 Dashboard using certificate-based authentication. When you enable certificate-based authentication, 
BEMS
 contacts the LDAP server and verifies the following information for the 
BEMS
 administrator:
  • The user account is enabled. 
  • The user belongs to a security group that can log in to the 
    BEMS
     Dashboard. 
If you choose to enable certificate-based authentication, verify the following:
  • You have access to the root and intermediate certificates from the certificate authority (CA). You can upload a base64-encoded or binary-encoded format certificate file that includes one or more trusted certificates to the 
    BEMS
     Dashboard. When you upload one or more certificate files, the certificates are displayed in the dashboard. 
    BEMS
     supports the following file extensions: .cer, .der, .pem, and .crt. For information about creating a .pem file that includes multiple certificates, visit http://support.blackberry.com/community to read article 57259.
  • Do not save the certificate file with a .pfx extension. PFX file extensions are not supported.  
  • Have 
    BEMS
     administrators import the user credential certificates in the Personal 
    Windows
     certificate store on the computer that is used to login to the 
    BEMS
     Dashboard. 
  1. In the 
    BlackBerry Enterprise Mobility Server Dashboard
    , under 
    BEMS System Settings
    , click 
    BEMS Configuration
    .
  2. Click 
    Dashboard Administrators
  3. Click 
    Add Group
    .
  4. In the 
    Active Directory Security Group
     field, type the name of the 
    Microsoft Active Directory
     security group. 
  5. Click 
    Save
  6. Repeat steps 3 to 5 to add additional security groups.
  7. Optionally, complete the following steps to require users to use certificate based authentication to login to the 
    BEMS
     Dashboard. 
    1. Select the 
      Enable Client Certificate Authentication
       checkbox. 
    2. Click 
      Choose File
      . Navigate to and select the client certificate file. 
    3. Click 
      Open
      .
    4. Enter the LDAP server information details. 
      • In the 
        LDAP Server Name
         field, type the name of the LDAP server. For example, ldap.<
        DNS_domain_name
        >.
      • In the 
        LDAP Server port
         field, type the port number of the LDAP server. By default, the port number is 389.
        • Optionally, select the 
          Enable SSL LDAP
           checkbox to tunnel data through an SSL-encrypted connection. If you enable SSL LDAP, the port number defaults to 636.
      • Enter the LDAP username and password. In a 
        Microsoft Active Directory
         environment, enter the username in the format 
        domain\username
        .
    5. Click 
      Save
      .
    6. Restart each instance of 
      BEMS
If you configured your environment for 
BEMS
 administrators to use certificate based authentication, verify that users are prompted to select a certificate when they log in to the 
BEMS
 Dashboard. If 
BEMS
 Administrators experience an issue logging in to the dashboard using certificate authentication, they can log in with their user credentials.