Steps to configure the BlackBerry 2FA server
Configuring a connection between the BlackBerry 2FA server and a VPN gateway
Configure the connection to the REST API endpoint
- Configuring REST API endpoint connectivity
Create a REST API client in the BlackBerry 2FA server
Enable MS-CHAP authentication for users in a domain
Configure the BlackBerry 2FA app
Assign a VPN gateway or REST client configuration to a user group
Installing the BlackBerry 2FA app on devices
Architecture: BlackBerry 2FA high availability
- Configuring the BlackBerry 2FA server for high availability
Logging and reporting
- Auditing authentication requests
- Centralize logging or auditing using syslog
Authentication options
Usernames, passwords, and directories
REST API endpoint
VPN gateways
Glossary

Enable MS-CHAP authentication for users in a domain

You can enable a

BlackBerry 2FA

server to support MS-CHAPv1 and MS-CHAPv2 authentication for RADIUS requests (for example, requests that come from a VPN gateway) for users that are a member of the selected domain. The domain is available for this option because the

2FA

server is running on a host that is joined to an

Active Directory

domain to which

BlackBerry UEM

is also connected.

In the

BlackBerry UEM

management console, on the menu bar, click

Settings

External integration

BlackBerry 2FA server

Click the name of the

2FA

server that you want to configure.

In the

Active directory configuration

section, select the domain for which you want to enable MS-CHAP authentication. To disable MS-CHAP authentication, deselect the domain.

Click

Save