Skip Navigation
  1. BlackBerry Docs
  2. BlackBerry Enterprise ID
  3. BlackBerry Enterprise Identity Administration Guide
  4. Using authenticator level ranking and authentication policies to manage security
  5. Requiring additional authentication when users are connected to an external network
  6. Add an authentication policy for external networks

Add an authentication policy for external networks

  1. On the menu bar, click
    Policies and profiles
    . Click
    BlackBerry Enterprise Identity
     below Managed devices.
  2. In the
    Authentication policies
     pane, click
    Add a policy
    .
  3. Enter a name and description for the authentication policy.
  4. In the
    Minimum authentication level
     drop-down list, select Level 1.
    This level corresponds to the Enterprise password authenticator ranking that you set in the previous task. If you save this policy without adding a risk scenario and assign it to users, they will be required to enter only their enterprise password when they log into a service. If you want to require additional authentication based on the type of network that they are connected to, complete the following steps to add a risk scenario.
  5. In the
    Risk scenarios
     table, click +.
  6. Enter a name and description for the scenario.
  7. In the
    Minimum authentication level
     drop-down list, select Level 3. This level corresponds to the Enterprise password + BlackBerry 2FA authenticator ranking that you set in the previous task.
  8. Click
    Network detection
    .
  9. In the
    Configuration
     drop-down list, select
    Not on a work network
    .
    If you configure this option, when one of your organization’s users is not on a work network and they try to log into a service, they will be required to enter their enterprise password and respond to a
    BlackBerry 2FA
     prompt on their device.
  10. Click
    Save
    .
  11. Click
    Save
    .
Assign the authentication policy to users or groups.