Add dashboard administrators
You add groups using
Microsoft Active
Directory
groups to the Dashboard Administrators setting and give members of the group dashboard login and configuration permissions. You can add one or more groups, but the group must be a part of the security groups. Users who are members of the Local Administrators group can also log in to BEMS
.
You can also configure
BEMS
to require users to log in to the BEMS
Dashboard using certificate-based authentication. When you enable certificate-based authentication, BEMS
contacts the LDAP server and verifies the following information for the BEMS
administrator:
- The user account is enabled.
- The user belongs to a security group that can log in to theBEMSDashboard.
If you choose to enable certificate-based authentication, verify the following:
- You have access to the root and intermediate certificates from the certificate authority (CA). You can upload a base64-encoded or binary-encoded format certificate file that includes one or more trusted certificates to theBEMSDashboard. When you upload one or more certificate files, the certificates are displayed in the dashboard.BEMSsupports the following file extensions: .cer, .der, .pem, and .crt. For more information see KB 57259.
- Do not save the certificate file with a .pfx extension. PFX file extensions are not supported.
- HaveBEMSadministrators import the user credential certificates in the PersonalWindowscertificate store on the computer that is used to login to theBEMSDashboard.
- In theBlackBerry Enterprise Mobility Server Dashboard, underBEMS System Settings, clickBEMS Configuration.
- ClickDashboard Administrators.
- ClickAdd Group.
- In theActive Directory Security Groupfield, type the name of theMicrosoft Active Directorysecurity group.
- ClickSave.
- Repeat steps 3 to 5 to add additional security groups.
- Optionally, complete the following steps to require users to use certificate-based authentication to login to theBEMSDashboard.
- Select theEnable Client Certificate Authenticationcheckbox.
- ClickChoose File. Navigate to and select the client certificate file.
- ClickOpen.
- Enter the LDAP server information details.
- In theLDAP Server Namefield, type the name of the LDAP server. For example, ldap.<DNS_domain_name>.
- In theLDAP Server portfield, type the port number of the LDAP server. By default, the port number is 389. Optionally, select theEnable SSL LDAPcheckbox to tunnel data through an SSL-encrypted connection. If you enable SSL LDAP, the port number defaults to 636.
- Enter the LDAP username and password. In aMicrosoft Active Directoryenvironment, enter the username in the formatdomain\username.
- ClickSave.
- Restart each instance ofBEMS.
If you configured your environment for
BEMS
administrators to use certificate-based authentication, verify that users are prompted to select a certificate when they log in to the BEMS
Dashboard. If BEMS
Administrators experience an issue logging in to the dashboard using certificate authentication, they can log in with their user credentials.