About BlackBerry 2FA
BlackBerry 2FAprotects access to your organization’s critical resources using two-factor authentication. The product uses a password that users enter and a secure prompt on their mobile device each time they attempt to access resources.
BlackBerry 2FAalso supports the use of standards-based One-Time Password (OTP) tokens.
BlackBerry 2FAusers from the
BlackBerry UEM Cloudor
BlackBerry UEMmanagement console. You can also use
BlackBerry 2FAon devices that aren't managed by
BlackBerry UEM Cloudor
Androiddevices that have only a
BlackBerry Dynamicscontainer, devices managed by third-party MDM systems, or unmanaged devices.
You can use
BlackBerry 2FAto protect a wide variety of systems, including VPNs, RADIUS-compatible systems, custom applications using a REST API, and SAML-compliant cloud services when they are used in conjunction with
BlackBerry Enterprise Identity.
BlackBerry 2FAfor use with mobile devices is straightforward. The first authentication factor, the password, can be a user’s directory or container password. The second authentication factor, the device prompt, requires an app on the device that triggers a secure validation of the device. For
BlackBerry 2FAis included in the
BlackBerry UEM Client. They are either installed during activation or you must have users install them. For managed
BlackBerry 10devices, you must deploy a separate
BlackBerry 2FAapp or have users install it.
BlackBerry 2FAfor users without mobile devices is also straightforward. Standards-based OTP tokens are registered in the
BlackBerry UEMconsole and issued to users. The first authentication factor is the user's directory password, and the second authentication factor is a dynamic code that appears on the token's screen. For more information, see the Administration content for
BlackBerry 2FAserver is an optional component that is deployed when the product is used in conjunction with RADIUS-based systems like most VPNs, or it is used with apps calling the product’s REST API. The
BlackBerry 2FAserver is not required in deployments that use only
Enterprise Identity, but it can be deployed in cases where you want to use two-factor authentication for both cloud services and the other supported systems. For more information, see the
BlackBerry 2FAserver compatibility matrix content,
BlackBerry 2FAserver installation and upgrade content, and the
BlackBerry 2FAserver configuration content.
BlackBerry 2FA, you must purchase user licenses for the Collaboration, Application, or Content Editions of
BlackBerry Enterprise Mobility Suite, or separate
2FAuser licenses. For the Collaboration Edition,
BlackBerry 2FAcan be used for authentication to
Microsoft Office 365only. For more information about
BlackBerry 2FA, including how to purchase
2FA, see the information on blackberry.com.