Get the PDF

Configuring BlackBerry UEM
Changing the certificates that BlackBerry UEM uses for authentication
- Considerations for changing BlackBerry Dynamics certificates
- Change a BlackBerry UEM certificate
Installing the BlackBerry Connectivity Node to connect to resources behind your organization's firewall
- Steps to install and activate the BlackBerry Connectivity Node
- Requirements: BlackBerry Connectivity Node
- Install and configure the BlackBerry Connectivity Node
- Create a server group to manage regional connections
- Troubleshooting: BlackBerry Connectivity Node
Configuring BlackBerry UEM to send data through a proxy server
- Sending data through a TCP proxy server to the BlackBerry Infrastructure
  - Configure BlackBerry UEM to use a transparent TCP proxy server
  - Enable SOCKS v5 on a TCP proxy server
- Install a standalone BlackBerry Router in a UEM Cloud environment
Configure connections through internal proxy servers
Connect to an SMTP server to send email notifications
Connecting to your company directories
- Connect to a Microsoft Active Directory instance
- Connect to an LDAP directory
- Enable directory-linked groups
- Enable and configure onboarding and offboarding
- Synchronize a directory connection
Connect BlackBerry UEM to Entra ID to create directory user accounts
Configuring BlackBerry UEM to manage Microsoft Intune app protection profiles
- Prerequisites to support Intune app protection
- Create an app registration in Entra
- Configure BlackBerry UEM to synchronize with Microsoft Intune
Configuring BlackBerry UEM as an Intune compliance partner in Entra
- Prerequisites to configure Entra ID conditional access
- Configure Entra ID conditional access
Obtaining an APNs certificate to manage iOS and macOS devices
- Request and register an APNs certificate
- Troubleshooting: APNs
Configure BlackBerry UEM for DEP
Configuring BlackBerry UEM to support Android Enterprise devices
- Configure BlackBerry UEM to support Android Enterprise devices
Configuring BlackBerry UEM to support Android Management devices
- Configure Android Management in the Google Cloud console
- Configure Android Management in BlackBerry UEM
Extending the management of Chrome OS devices to BlackBerry UEM
- Create a service account to authenticate with the Google domain
- Enable UEM to synchronize Chrome OS data
- Integrate UEM with the Google domain
Simplifying Windows 10 activations
- Integrate UEM with Entra ID join
  - Configure Windows Autopilot for device activation
- Deploy a discovery service to simplify Windows 10 activations
Migrating users, devices, groups, and other data from a source server
- Prerequisites: Migrating users, devices, groups, and other data from a source BlackBerry server
- UEM migration best practices and considerations
- Connect to a source server
- Migrate IT policies, profiles, and groups from a source server
- Migrate users from a source server
- Migrate devices from a source server
Configuring network communication and properties for BlackBerry Dynamics apps
- Manage BlackBerry Proxy clusters
- Configure Direct Connect using port forwarding
- Configure BlackBerry Dynamics properties
- Configure communication settings for BlackBerry Dynamics apps
- Sending BlackBerry Dynamics app data through an HTTP proxy
  - Considerations for using a PAC file with BlackBerry Proxy
  - Configure BlackBerry Dynamics app proxy settings
- Methods for routing traffic for BlackBerry Dynamics apps
  - Example routing scenarios for BlackBerry Dynamics traffic
- Configuring Kerberos authentication for BlackBerry Dynamics apps
Encrypt the connection between BlackBerry UEM and Microsoft SQL Server
Integrating BlackBerry UEM with Cisco ISE
- Managing network access and device controls using Cisco ISE
- Requirements: Integrating BlackBerry UEM with Cisco ISE
- Connect BlackBerry UEM to Cisco ISE
Set up VPN using Knox StrongSwan for UEM dark site environments

Connect to an LDAP directory

The task below applies to a

UEM

on-premises environment. In a

UEM Cloud

environment, install and configure the BlackBerry Connectivity Node to connect to your company directory.

Create an LDAP account for

UEM

that is located in the relevant LDAP directory. The account must meet the following requirements:

The account must have permission to read all users in the directory.

The password must be configured not to expire and does not need to be changed at the next login.

If the LDAP connection is SSL encrypted, verify that you have the server certificate for the LDAP connection and that the LDAP server supports TLS 1.2. If SSL is enabled, the LDAP connection to

UEM

must use TLS 1.2.

Verify the LDAP attribute values that your organization uses (the steps below give examples for typical attribute values), you will use them in the steps below.

In the

UEM

management console, on the menu bar, click

Settings > External integration > Company directory

Click

> LDAP connection

In the

Directory connection name

field, type a name for the directory connection.

In the

LDAP server discovery

drop-down list, do one of the following:

To automatically discover the LDAP server, click

Automatic

. In the

DNS domain name

field, type the domain name for the server that hosts the company directory.

To specify a list of LDAP servers, click

Select server from list below

. In the

LDAP server

field, type the name of the LDAP server. To add more LDAP servers, click The add icon

In the

Enable SSL

drop-down list, perform one of the following actions:

If the LDAP connection is SSL encrypted, click

Yes

. Beside the

LDAP server SSL certificate

field, click

Browse

and select the LDAP server certificate.

If the LDAP connection is not SSL encrypted, click

In the

LDAP port

field, type the TCP port number for communication. The default values are 636 for SSL enabled or 389 for SSL disabled.

In the

Authorization required

drop-down list, do one of the following:

If authorization is required for the connection, click

Yes

. In the

field, type the DN of the user that is authorized to log in to LDAP (for example, an=admin,o=Org1). In the

Password

field, type the password.

If authorization is not required for the connection, click

In the

User search base

field, type the value to use as the base DN for user information searches.

In the

LDAP user search filter

field, type the LDAP search filter that is required to find user objects in your organization's directory server. For example, for an

IBM Domino Directory

, type

(objectClass=Person)

In the

LDAP user search scope

drop-down list, do one of the following:

To search all objects following the base object, click

All levels

. This is the default setting.

To search objects that are one level directly following the base DN, click

One level

In the

Unique identifier

field, type the name of the attribute that uniquely identifies each user in your organization's LDAP directory (must be a string that is immutable and globally unique). For example,

dominoUNID

In the

First name

field, type the attribute for each user’s first name (for example,

givenName

In the

Last name

field, type the attribute for each user’s last name (for example,

In the

field, type the login attribute to use for authentication (for example,

uid

In the

Email address

field, type the attribute for each user's email address (for example,

mail

). If you do not set the value, a default value is used.

In the

Display name

field, type the attribute for each user's display name (for example,

displayName

). If you do not set the value, a default value is used.

In the

User Principal Name

field, type the user principal name for SCEP (for example,

mail

In the

Department

field, type the attribute for each user's department.

In the

Job Title

field, type the attribute for each user's job title.

If you want to synchronize additional fields from the LDAP directory, select the

Synchronize additional user details

check box. Type the attributes for the additional fields as necessary.

To enable directory-linked groups for the directory connection, select the

Enable directory-linked groups

check box.

In the

Group search base

field, type the value to use as the base DN for group information searches.

In the

LDAP group search filter

field, type the LDAP search filter that is required to find group objects in your company directory. For example, for

IBM Domino Directory

, type

(objectClass=dominoGroup)

In the

Group Unique Identifier

field, type the attribute for each group's unique identifier. This attribute must be immutable and globally unique (for example, type

In the

Group Display name

field, type the attribute for each group's display name (for example, type

In the

Group Membership attribute

field, type the name of the attribute for group membership. The attribute values must be in DN format (for example,

CN=jsmith,CN=Users,DC=example,DC=com

In the

Test Group Name

field, type an existing group name for validating the group attributes specified.

If you want to enable paged searching for group members, select the

Enable paged group search

check box.

Click

Save

Click

Do any of the following optional tasks:

Enable directory-linked groups.

Enable and configure onboarding and offboarding.

Configure directory synchronization.

If you remove a directory connection, all users that were added to

UEM

from that directory will be converted to local users. Once users are converted to local users they can't be converted back to directory linked users, even if you later re-add the company directory connection. Users will continue to function as local users but

UEM

will not be able to synchronize updates from the company directory.

Section:

Connecting to your company directories