Configure Okta as an identity provider in BlackBerry UEM

After you create an Okta client, you must create a corresponding identity provider in the BlackBerry UEM management console.
  1. In the BlackBerry UEM management console, click Settings > BlackBerry Enterprise Identity > External Identity providers.
  2. Click + and select Okta.
  3. In the Name field, type a name for the identity provider.
  4. In the OIDC discovery document URL field, type the location of your organization’s Okta server. For example, https://<oktaDomain>.okta.com/oauth2/<authorizationServerName>/.well-known/oauth-authorization, where authorizationServerName is the name of the authorization server in step 7 of Create an Okta app.
  5. In the Client ID field, enter the same ID that you created in the Create an Okta app task.
  6. In the Private key JWKS field, enter the Private key that you used in the Create an Okta app task. Your entry should be similar to the following.
    {
      "keys": [
        {
          "kty": "EC",
          "crv": "P-521",
          "kid": "OJE1cjnUBHGXHtOiHc64gSO1xxNzhoe9sRorb2CCKgU",
          "x": "AV4Ljfyl2eCoP1oyO_U3047BTprKxuwlUm57p7FsQJFMtW1Xks7j8IQe4H0S8tNpd21Q_2NcKiJg5gjWKs0H3Oh6",
          "y": "AIWYPJ-c1UWEWQXO4Zkl3TKCPxCiAqv7ju_vJsO0Jye7zC1SzqAFbfIzCRRq_MJJJfmw2ZbfgtvHmG28avR1O287",
          "alg": "ES521"
        }
      ]
    }
  7. In the Available services list, select the services that you want to assign to the Okta client and click the right arrow to move the service to the Selected service list. Note that you can assign only one Okta client for each service.
  8. Click Save.
Create an Enterprise Identity authentication policy and assign it to users or groups. In the policy, add your service in Manage service exceptions and set the minimum authentication level to Level 4.
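
A local pre-paste check for the Private key JWKS value in step 6, added here as an example and not BlackBerry or Okta code. It catches values broken by line wrapping or copy/paste (embedded whitespace, padding, wrong length) and a JWKS that carries only the public members. It assumes the key matches the sample's type (EC, P-521) and that the private EC JWK uses the standard `d` member alongside `x` and `y`; `check_private_jwks` and `sample_jwks` are names made up for this example.

```python
import base64
import json
import re

COORD_BYTES = 66  # P-521 values (x, y, d) are 66 octets each per RFC 7518
B64URL = re.compile(r"[A-Za-z0-9_-]+")


def decoded_len(value):
    """Byte length of an unpadded base64url string, or None if it is malformed."""
    if not isinstance(value, str) or not B64URL.fullmatch(value):
        return None  # rejects embedded whitespace, '=' padding, '+' and '/'
    try:
        return len(base64.urlsafe_b64decode(value + "=" * (-len(value) % 4)))
    except ValueError:
        return None


def check_private_jwks(text):
    """Return a list of problems; an empty list means the entry looks well formed."""
    try:
        doc = json.loads(text)
    except ValueError as exc:
        return [f"not valid JSON: {exc}"]
    keys = doc.get("keys") if isinstance(doc, dict) else None
    if not isinstance(keys, list) or not keys:
        return ['expected an object with a non-empty "keys" array']
    problems = []
    for i, key in enumerate(keys):
        if not isinstance(key, dict):
            problems.append(f"keys[{i}]: not a JSON object")
            continue
        if (key.get("kty"), key.get("crv")) != ("EC", "P-521"):  # assumption: same type as the sample
            problems.append(f"keys[{i}]: kty/crv is not EC/P-521")
        for member in ("x", "y", "d"):  # "d" is the private part of an EC JWK
            if member not in key:
                problems.append(f"keys[{i}]: missing {member}")
            elif decoded_len(key[member]) != COORD_BYTES:
                problems.append(f"keys[{i}].{member}: not {COORD_BYTES} bytes of base64url")
    return problems


def sample_jwks(**overrides):
    """Constructed filler values with the right shape; NOT a usable key pair."""
    filler = base64.urlsafe_b64encode(bytes(range(COORD_BYTES))).decode()
    key = {"kty": "EC", "crv": "P-521", "kid": "example-kid", "x": filler, "y": filler, "d": filler}
    key.update(overrides)  # pass member=None to drop it from the constructed key
    return json.dumps({"keys": [{k: v for k, v in key.items() if v is not None}]})
```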