Skip Navigation

Add dashboard administrators

You add groups using
Microsoft Active Directory
groups to the Dashboard Administrators setting and give members of the group dashboard login and configuration permissions. You can add one or more groups, but the group must be a part of the security groups. Users who are members of the Local Administrators group can also log in to
BEMS
.
You can also configure
BEMS
to require users to log in to the
BEMS
Dashboard using certificate-based authentication. When you enable certificate-based authentication,
BEMS
contacts the LDAP server and verifies the following information for the
BEMS
administrator:
  • The user account is enabled.
  • The user belongs to a security group that can log in to the
    BEMS
    Dashboard.
If you choose to enable certificate-based authentication, verify the following:
  • You have access to the root and intermediate certificates from the certificate authority (CA). You can upload a base64-encoded or binary-encoded format certificate file that includes one or more trusted certificates to the
    BEMS
    Dashboard. When you upload one or more certificate files, the certificates are displayed in the dashboard.
    BEMS
    supports the following file extensions: .cer, .der, .pem, and .crt. For more information see KB 57259.
  • Do not save the certificate file with a .pfx extension. PFX file extensions are not supported. 
  • Have
    BEMS
    administrators import the user credential certificates in the Personal
    Windows
    certificate store on the computer that is used to login to the
    BEMS
    Dashboard.
  1. In the
    BlackBerry Enterprise Mobility Server Dashboard
    , under
    BEMS System Settings
    , click
    BEMS Configuration
    .
  2. Click
    Dashboard Administrators
    .
  3. Click
    Add Group
    .
  4. In the
    Active Directory Security Group
    field, type the name of the
    Microsoft Active Directory
    security group.
  5. Click
    Save
    .
  6. Repeat steps 3 to 5 to add additional security groups.
  7. Optionally, complete the following steps to require users to use certificate-based authentication to login to the
    BEMS
    Dashboard.
    1. Select the
      Enable Client Certificate Authentication
      checkbox.
    2. Click
      Choose File
      . Navigate to and select the client certificate file.
    3. Click
      Open
      .
    4. Enter the LDAP server information details.
      • In the
        LDAP Server Name
        field, type the name of the LDAP server. For example, ldap.<
        DNS_domain_name
        >.
      • In the
        LDAP Server port
        field, type the port number of the LDAP server. By default, the port number is 389. Optionally, select the
        Enable SSL LDAP
        checkbox to tunnel data through an SSL-encrypted connection. If you enable SSL LDAP, the port number defaults to 636.
      • Enter the LDAP username and password. In a
        Microsoft Active Directory
        environment, enter the username in the format
        domain\username
        .
    5. Click
      Save
      .
    6. Restart each instance of
      BEMS
      .
If you configured your environment for
BEMS
administrators to use certificate-based authentication, verify that users are prompted to select a certificate when they log in to the
BEMS
Dashboard. If
BEMS
Administrators experience an issue logging in to the dashboard using certificate authentication, they can log in with their user credentials.