- Manage users
- Import users from a CSV file
- Make mass changes to user details
- Search for users
- View user details
- Manage dependents
- Manage organization subscriptions
- Manage user attributes
- View a list of user attributes
- Out-of-the-box user attributes
- Create a user attribute
- Edit a user attribute
- Prevent users from editing System Setup attributes
- Delete a user attribute
- Clear attribute values for all users
- Translate custom attributes
- Automatically disable users based on attributes
- Automatically delete users based on attributes
- Configure an Organizational Hierarchy attribute
- Create a dynamic hierarchy attribute
- Create a Geo-aware Single-select Picklist attribute
- Manage user authentication
- Enable authentication methods
- Assign authentication methods to applications
- Configure SDK access security
- Enable two-factor authentication
- Enable single sign-on as an authentication method
- Enable single sign-on for Self Service
- Enable single sign-on for the BlackBerry AtHoc management system
- Import a service provider certificate
- Configure identity provider settings
- Configure service provider settings
- SSO logout service
- Export SP and IDP settings
- Import IDP settings
- Import an existing IDP configuration
- Enable SSO certificate revocation list checking
- BlackBerry AtHoc Customer Support Portal
- Documentation feedback
- BlackBerry Docs
- BlackBerry AtHoc
- 7.21
- Manage Users
- Manage user authentication
- Enable single sign-on as an authentication method
- Enable SSO certificate revocation list checking
Enable SSO certificate revocation list checking
When single sign-on is enabled for your organization, a CRL is maintained. A CRL is a list of digital certificates that have been revoked and should not be trusted. If CRL checking is enabled,
BlackBerry AtHoc
checks the CRL before initiating a SAML authentication request to an identity provider or after receiving an SAML response from the IDP.- In the navigation bar, click
. - In theSetupsection, clickSecurity Policy.
- In theSSO CRL (Certificate Revocation List) Settingssection, select theEnable CRL Checkingoption.If theSSO CRL (Certificate Revocation List) Settingssection is not visible, single sign-on is not enabled. See Enable single sign-on for Self Service and Enable single sign-on for the BlackBerry AtHoc management system.
- In theCRL Timeout Intervalfield, enter the number of seconds to allow for certificate validation information to be retrieved from the CA. The minimum is 1 and the maximum is 60 seconds. The default is 20 seconds.
- Optionally, select theIgnore Verification Errorsoption. If this option is selected, a certificate that fails verification will continue to be used and an error is logged. If this option is not selected, any certificate that fails verification is not used.
- ClickSave.