
Connect BlackBerry UEM to Entra ID to create directory user accounts

You can connect BlackBerry UEM to Microsoft Entra ID to create directory user accounts in UEM. After you configure the connection, you can search for and import user data from the directory to create UEM users. Directory users can use their directory credentials to access BlackBerry UEM Self-Service. If you assign an administrative role to a directory user, the user can use their directory credentials to log in to the management console.
If your organization uses an on-premises Active Directory and accounts are synchronized to Entra ID, you should create a directory connection for your on-premises Active Directory instead (see Connect to a Microsoft Active Directory instance). Connecting UEM to Entra ID is appropriate when Entra ID is your primary directory service and you do not have an on-premises Active Directory.
After you connect UEM to Entra ID, the UEM console URLs change to the following ("&redirect=no" is removed from the end of the URL):
  • Management console: https://<server_name>:<port>/admin/index.jsp?tenant=<tenant_ID>
  • Self-service console: https://<server_name>:<port>/mydevice/index.jsp?tenant=<tenant_ID>
You must have a Microsoft Entra ID account. If you don’t have an account, visit https://azure.microsoft.com to create an account. Use this account to log in to the Entra portal.
  1. Log in to the Entra portal.
  2. In the section for Entra ID app registrations, add a new registration.
  3. Specify the following and complete the registration:
    1. Type a name for the registration.
    2. Select which account types can use the application or access the API.
    3. For the redirect URI, click Web and type http://localhost.
  4. Copy the application ID.
    This is the Client ID that you will register with UEM.
  5. In the section for managing API permissions (Register button), add a permission and select the following:
    • Microsoft Graph
    • Application permissions
    • Set the following permissions: Group.Read.All (Application), User.Read (Delegated), User.Read.All (Application)
  6. Grant administrator consent for all accounts in the current directory.
  7. In the section for managing certificates and secrets, add a new client secret and specify a description and duration.
  8. Copy the Value field of the new client secret (not the Secret ID).
    This is the Client key that you will register with UEM.
  9. In the UEM management console, on the menu bar, click Settings > External integration > Company directory.
  10. Click the add icon > Microsoft Azure Active Directory connection.
  11. In the Directory connection name field, type a name for the connection.
  12. In the Domain field, type the Entra ID domain.
  13. In the Client ID field, type the ID you recorded in step 4.
  14. In the Client key field, type the value you recorded in step 8.
  15. Click Continue.
  16. Click Save.
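As an added example (not BlackBerry or Microsoft code), the following check confirms that an app-only Microsoft Graph access token issued to the registration from steps 4 to 8 carries exactly the application permissions listed in step 5. It assumes you have already obtained such a token; the token and client ID below are constructed placeholders, and the payload is decoded for inspection only, without signature verification.

```python
import base64
import json

# Application permissions from step 5. The delegated User.Read permission is
# not expected here: app-only tokens list application permissions in "roles".
EXPECTED_ROLES = {"Group.Read.All", "User.Read.All"}
GRAPH_AUDIENCES = {"https://graph.microsoft.com",
                   "00000003-0000-0000-c000-000000000000"}


def decode_claims(token: str) -> dict:
    """Decode the JWT payload for inspection only; no signature check."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a three-part JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64 padding
    return json.loads(base64.urlsafe_b64decode(payload))


def audit_app_token(token: str, client_id: str) -> dict:
    """Compare the token's granted roles with what the UEM connection needs."""
    claims = decode_claims(token)
    roles = set(claims.get("roles", []))
    return {
        "audience_is_graph": claims.get("aud") in GRAPH_AUDIENCES,
        "client_id_matches": claims.get("appid", claims.get("azp")) == client_id,
        "missing": sorted(EXPECTED_ROLES - roles),  # consent (step 6) incomplete
        "excess": sorted(roles - EXPECTED_ROLES),   # broader than step 5 lists
    }


def make_sample_token(claims: dict) -> str:
    """Build a constructed, unsigned token so the example runs offline."""
    def enc(obj: dict) -> str:
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none"}), enc(claims), "constructed"])


# Constructed sample: placeholder client ID and one role beyond step 5's list.
SAMPLE_CLIENT_ID = "11111111-2222-3333-4444-555555555555"
SAMPLE_TOKEN = make_sample_token({
    "aud": "https://graph.microsoft.com",
    "appid": SAMPLE_CLIENT_ID,
    "roles": ["User.Read.All", "Group.Read.All", "Directory.ReadWrite.All"],
})

if __name__ == "__main__":
    print(audit_app_token(SAMPLE_TOKEN, SAMPLE_CLIENT_ID))
```

A non-empty "excess" list means the registration holds more Graph access than the directory connection requires, and the extra permission can be removed from the registration in the Entra portal.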