Skip Navigation
  1. BlackBerry Docs
  2. BlackBerry Enterprise ID
  3. BlackBerry Enterprise Identity Administration Guide
  4. Using authenticator level ranking and authentication policies to manage security
  5. Requiring additional authentication when users are connected to an external network
  6. Add an authentication policy for external networks

Add an authentication policy for external networks

  1. On the menu bar, click 
    Policies and profiles
    . Click 
    BlackBerry Enterprise Identity
     below Managed devices.
  2. In the 
    Authentication policies
     pane, click 
    Add a policy
    .
  3. Enter a name and description for the authentication policy.
  4. In the 
    Minimum authentication level
     drop-down list, select Level 1. 
    This level corresponds to the Enterprise password authenticator ranking that you set in the previous task. If you save this policy without adding a risk scenario and assign it to users, they will be required to enter only their enterprise password when they log into a service. If you want to require additional authentication based on the type of network that they are connected to, complete the following steps to add a risk scenario.
  5. In the 
    Risk scenarios
     table, click +.
  6. Enter a nameand description for the scenario.
  7. In the 
    Minimum authentication leve
    l drop-down list, select Level 3. This level corresponds to the Enterprise password + BlackBerry 2FA authenticator ranking that you set in the previous task.
  8.  Click 
    Network detection
    .
  9.  In the 
    Configuration
     drop-down list, select 
    Not on a work network
    .
    If you configure this option, when one of your organization’s users is not on a work networkand they try to log into a service, they will be required to enter their enterprise password and respond to a 
    BlackBerry 2FA
     prompt on their device.
  10. Click 
    Save
    .
  11. Click 
    Save
    .
  • Assign the authentication policy to users or groups.