Add an AD FS Claims Provider service

If your organization has apps that use Active Directory Federation Services (AD FS) forms-based authentication, you can add an AD FS Claims Provider service so that Enterprise Identity can authenticate the AD FS apps using the forms authentication type.

Enterprise Identity supports AD FS 2019 and later.
  • Verify that the AD FS role has been added to the Active Directory server.
  • Verify that UEM is connected to the Active Directory server that has the AD FS role.
  1. In the UEM management console, click Settings > BlackBerry Enterprise Identity > Services.
  2. In the SAML Services table, click the Add icon.
  3. Click ADFS Claims Provider.
  4. If you want to enable ZSO for users, select the Allow Mobile ZSO when specified by authentication policy and Allow Kerberos Desktop ZSO when specified by authentication policy check boxes.
  5. Type a name and description for the service.
  6. In the Service provider entity ID field, enter http://<adfs_host>/adfs/services/trust, where <adfs_host> is the name of the Active Directory server that has the AD FS role.
  7. In the Assertion consumer service POST URL field, enter http://<adfs_host>/adfs/services/ls, where <adfs_host> is the name of the Active Directory server that has the AD FS role.
  8. In the Single logout service URL field, enter http://<adfs_host>/adfs/services/ls, where <adfs_host> is the name of the Active Directory server that has the AD FS role.
  9. Click Save.
Assign the service to users.