OTP tokens

BlackBerry UEM
 supports the use of One-Time Password (OTP) tokens through 
BlackBerry 2FA
 service. The OTP tokens feature provides a secure authentication scheme for users who do not have a mobile device or have a mobile device that does not have sufficient connectivity to support the real-time 
BlackBerry 2FA
 device notifications. When using an OTP instead of a device notification as the second factor of authentication, the OTP is provided in the same channel as the user’s password, and their mobile device is not signaled.
You can enter the OTP code with the username or the password.
  • When using an OTP code with the username, after the username, you type a comma (,) then the OTP code with no spaces between them. For example, if the username is "janedoe" and code is "555123", it should be entered as “janedoe,555123”. Using this method, users can easily verify the code that they entered.
  • When using an OTP code with the password, the code precedes the user's password. For example, if the code is "555123" and the password is "AbCdeF", it should be entered as "555123AbCdeF".

Software tokens

You enable software OTP tokens for users in the 
BlackBerry 2FA
 profile that you assign to them. The software token can be found in the 
BlackBerry UEM Client
 app by swiping through its home screen. 

Hardware tokens

To manage hardware OTP tokens in 
BlackBerry UEM
, the user must have a 
BlackBerry 2FA
 profile assigned to them.
For more information about the latest supported hardware tokens, see the 
BlackBerry 2FA
 server compatibility matrix
.