About BlackBerry 2FA
BlackBerry 2FA
BlackBerry 2FA
protects access to your organization’s critical resources using two-factor authentication. The product uses a password that users enter and a secure prompt on their mobile device each time they attempt to access resources. BlackBerry 2FA
also supports the use of standards-based One-Time Password (OTP) tokens.You manage
BlackBerry 2FA
users from the BlackBerry UEM Cloud
or BlackBerry UEM
management console. You can also use BlackBerry 2FA
on devices that aren't managed by BlackBerry UEM Cloud
or BlackBerry UEM
. BlackBerry 2FA
supports iOS
and Android
devices that have only a BlackBerry
Dynamics
container, devices managed by third-party MDM systems, or unmanaged devices.You can use
BlackBerry 2FA
to protect a wide variety of systems, including VPNs, RADIUS-compatible systems, custom applications using a REST API, and SAML-compliant cloud services when they are used in conjunction with BlackBerry Enterprise Identity
.Configuring
BlackBerry 2FA
for use with mobile devices is straightforward. The first authentication factor, the password, can be a user’s directory or container password. The second authentication factor, the device prompt, requires an app on the device that triggers a secure validation of the device. For iOS
and Android
devices, BlackBerry 2FA
is included in the BlackBerry UEM Client
. They are either installed during activation or you must have users install them. For managed BlackBerry 10
devices, you must deploy a separate BlackBerry 2FA
app or have users install it.Configuring
BlackBerry 2FA
for users without mobile devices is also straightforward. Standards-based OTP tokens are registered in the BlackBerry UEM
console and issued to users. The first authentication factor is the user's directory password, and the second authentication factor is a dynamic code that appears on the token's screen. For more information, see the Administration content for BlackBerry 2FA
.The
BlackBerry 2FA
server is an optional component that is deployed when the product is used in conjunction with RADIUS-based systems like most VPNs, or it is used with apps calling the product’s REST API. The BlackBerry 2FA
server is not required in deployments that use only Enterprise Identity
, but it can be deployed in cases where you want to use two-factor authentication for both cloud services and the other supported systems. For more information, see the BlackBerry 2FA
server compatibility matrix content, BlackBerry 2FA
server installation and upgrade content, and the BlackBerry 2FA
server configuration content.