Managing authentication levels
Four authentication types are available in
Enterprise Identity. The ranking of these authenticators can be changed in the
BlackBerry UEMconsole, on the
Settingspage. For more information on ranking, see Change Enterprise Identity settings.
This security method requires a password before users can access a service. It is the default method. The password is one currently associated with a user account in
Active Directory, an LDAP directory, or
Enterprise password and
This security method leverages
BlackBerry 2FAand requires both a password and an acknowledgment on a user's mobile device before they can access a service.
This security method, available on mobile devices, allows a user to access a service without having to explicitly authenticate. Instead, it leverages the user's authentication with the device or secure container as proof of identity.
This security method, available to
PingFederateusers, requires users to enter their
Ping Identitypassword before they can access a service. For additional security, you can also require users to acknowledge a prompt, or enter their PingID.
You can assign these authentication levels to the user or group for each service by defining an authentication policy. For more information on policies, see Managing authentication policies.