About BlackBerry 2FA

BlackBerry 2FA protects access to your organization’s critical resources using two-factor authentication. The product uses a password that users enter and a secure prompt on their mobile device each time they attempt to access resources. BlackBerry 2FA also supports the use of standards-based One-Time Password (OTP) tokens.

You manage BlackBerry 2FA users from the BlackBerry UEM Cloud or BlackBerry UEM management console. You can also use BlackBerry 2FA on devices that aren't managed by BlackBerry UEM Cloud or BlackBerry UEM. BlackBerry 2FA supports iOS and Android devices that have only a BlackBerry Dynamics container, devices managed by third-party MDM systems, or unmanaged devices.

You can use BlackBerry 2FA to protect a wide variety of systems, including VPNs, RADIUS-compatible systems, custom applications using a REST API, and SAML-compliant cloud services when they are used in conjunction with BlackBerry Enterprise Identity.

Configuring BlackBerry 2FA for use with mobile devices is straightforward. The first authentication factor, the password, can be a user’s directory or container password. The second authentication factor, the device prompt, requires an app on the device that triggers a secure validation of the device. For iOS and Android devices, BlackBerry 2FA is included in the BlackBerry UEM Client. It is either installed during activation, or you must have users install it. For managed BlackBerry 10 devices, you must deploy a separate BlackBerry 2FA app or have users install it.

Configuring BlackBerry 2FA for users without mobile devices is also straightforward. Standards-based OTP tokens are registered in the BlackBerry UEM console and issued to users. The first authentication factor is the user's directory password, and the second authentication factor is a dynamic code that appears on the token's screen. For more information, see the Administration content for BlackBerry 2FA.

The BlackBerry 2FA server is an optional component that is deployed when the product is used in conjunction with RADIUS-based systems, like most VPNs, or with apps that call the product’s REST API. The BlackBerry 2FA server is not required in deployments that use only Enterprise Identity, but it can be deployed in cases where you want to use two-factor authentication for both cloud services and the other supported systems. For more information, see the BlackBerry 2FA server compatibility matrix content, the BlackBerry 2FA server installation and upgrade content, and the BlackBerry 2FA server configuration content.