Skip Navigation
  1. BlackBerry Docs
  2. BlackBerry AtHoc
  3. 7.15
  4. Manage Users
  5. Manage user authentication
  6. Enable single sign-on as an authentication method
  7. Configure service provider settings

Configure service provider settings

  1. Log in to the
    BlackBerry AtHoc
     management system as an organization administrator or enterprise administrator.
  2. Click The Settings icon.
  3. In the
    Users
     section, click
    User Authentication
    .
  4. On the
    User Authentication
     page, in the
    Assign Authentication Methods to Applications
     section in the
    Self Service
     or
    Management System
     section, click
    Configuration
    .
  5. In the
    Management system SSO configuration
     or
    Self Service SSO configuration
     window, scroll down to the
    Service Provider
     section.
  6. Configure the following
    General Settings
    :
    1. Service Provider Name
      : Enter the name of the service provider that sends the SAML authentication request. Enter a name that is a minimum of three characters and a maximum of 512 characters. The following special characters are not allowed: `!?"<>!$%&^()={},;\:?"<>
    2. Assertion Consumer Service URL
      : This field is pre-populated with the service provider's endpoint URL that receives the SAML from the identity provider. The assertion consumer service URL is appended with the organization code. For example:
      • Self Service URL:
        https://domain/SelfService/Account/NewSSO/
        organization-code
      • BlackBerry AtHoc
         management system:
        https://domain/Client/
        organization-code
    3. Logout Service URL
      : This field is pre-populated with the URL of the service provider's endpoint that receives SAML log out messages. For more information, see SSO logout service.
    4. Custom Logout URL
      : Optionally, enter a custom URL to redirect users to at logout.
    5. Custom Logout Service Binding
      : Optionally, select
      POST
       or
      Redirect
       as the transport mechanism (SAML binding) to use when sending SAML authentication requests to the partner IDP. The default setting is
      POST
      .
  7. Configure the following
    Security Settings
    :
    1. SAML Request Signature
      : Select
      Signed
       or
      Unsigned
      . When
      Signed
       is selected, SAML authentication requests received from the partner service provider must be signed. Receiving signed authentication requests is optional, but highly recommended.
    2. If
      SAML Request Signature
       is set to
      Signed
      , select a
      Signature Algorithm
      . The default setting is
      RSA-SHA256
      .
    3. In the
      Certificate*
       section, do one of the following:
      • Select
        Use BlackBerry Certificate
         to use the signed BlackBerry certificate.
        A system administrator must upload a valid BlackBerry signed certificate for this option to appear.
      • Select
        Use Custom Certificate
         and click
        Import Certificate
        . On the
        Import Certificate
         window, enter a password and click
        Browse
        . Navigate to and select a valid certificate file. Click
        Import
        . Only .pfx and .p12 file types are supported.
  8. Click
    Apply
    .
  9. On the
    User Authentication
     page, click
    Save
    .