Create a custom
Enterprise Identity
administrator

You can use administrator roles to delegate specific

BlackBerry Enterprise Identity

administrative tasks to users. The Security Administrator role in

BlackBerry UEM

has full permissions to the management console, including creating and managing roles and administrators. At least one administrator must be a Security Administrator.

BlackBerry UEM

includes preconfigured roles in addition to the Security Administrator role. You can edit or delete all roles except the Security Administrator role. You can also create custom roles.

Any new custom

BlackBerry Enterprise Identity

administrators that you create do not have the ability to assign

BlackBerry Enterprise Identity

entitlements or to assign apps and app groups to users or user groups. For more information, see Assign entitlements to users or groups and Managing app groups.

You must be a Security Administrator to create a custom role.

In the left menu click

Settings > Administrators > Roles

Click

Type a name and description for the role.

In the

Polices and Profiles

section, select the

Enterprise Identity

policy options. The choices are:

View Enterprise Identity Authentication Policy

Create/Edit Authentication policy, Delete Authentication policy

Assign Authentication policy to users and groups

: This setting requires view permissions for users and groups to display the Users and Devices tab and the Groups tab, respectively. For example, if you want the role to assign policies to users, you must enable the "View users and activated devices." If you want the role to assign policies to groups, you must enable the "View group settings."

In the

Settings

section, select the

Enterprise Identity

options. The choices are:

View Enterprise Identity Enterprise Settings, Edit Enterprise Identity Enterprise Settings, View Enterprise Identity Services

, and

Edit Enterprise Identity Services

Click

Save

Add the role to a user account or user group.

For more information about roles, see the