Skip Navigation
  1. BlackBerry Docs
  2. BlackBerry Enterprise ID
  3. BlackBerry Enterprise Identity Administration Guide
  4. Using authenticator level ranking and authentication policies to manage security
  5. Allowing users to authenticate with Okta
  6. Configure Okta as an identity provider in BlackBerry UEM

Configure
Okta
 as an identity provider in
BlackBerry UEM

After you create an
Okta
 client, you must create a corresponding identity provider in the
BlackBerry UEM
 management console.
  1. In the
    BlackBerry UEM
     management console click
    Settings > BlackBerry Enterprise Identity > Identity providers
    .
  2. Click
    +
     and select
    Okta
    .
  3. In the
    Name
     field, type a name for the identity provider.
  4. In the
    OIDC discovery document URL
     field, type the location of your organization’s
    Okta
     server. For example,
    https://
    <oktaDomain>
    .okta.com/ oauth2/
    <authorizationServerName>
    /.well-known/oauth-authorization
    , where authorizationServerName is the name of the authorization server in step 7 of Create an Okta app.
  5. In the
    Client ID
     field, enter the same ID that you created in the Create an Okta app task.
  6. In the
    Private key JWKS
     field, enter the Private key that you used in the Create an Okta app task.
    Your entry should be similar to the following.
    
            "jwks": {
                "keys": [
                    {
                        "kty": "EC",
                        "alg": "P-521",
                        "kid": "OJE1cjnUBHGXHtOiHc64gSO1xxNzhoe9sRorb2CCKgU",
                        "x": "AV4Ljfyl2eCoP1oyO_U3047BTprKxuwlUm57p7FsQJFMtW
                         1Xks7j8IQe4H0S8tNpd21Q_2NcKiJg5gjWKs0H3Oh6",
                        "y": "AIWYPJ-c1UWEWQXO4Zkl3TKCPxCiAqv7ju_vJsO0Jye7zC
                         1SzqAFbfIzCRRq_MJJJfmw2ZbfgtvHmG28avR1O287",
                        "alg": "ES512"
                    }
                ]
            }
  7. In the
    Available services
     list, select the services that you want to assign to the
    Okta
     client and click the right arrow to move the service to the
    Selected service
     list. Note that you can assign only one
    Okta
     client for each service.
  8. Click
    Save
    .
Create an Enterprise Identity authentication policy and assign it to users or groups. In the policy, add your service in Manage service exceptions and set the minimum authentication level to Level 4.