Managing authentication levels
Three authentication types are available in
Enterprise Identity
. The ranking of these authenticators can be changed in the BlackBerry UEM
console, on the Settings
page. For more information on ranking, see Change Enterprise Identity settings.Authenticator type | Description |
|---|---|
Enterprise password | This security method requires a password before users can access a service. It is the default method. The password is one currently associated with a user account in Active
Directory , an LDAP directory, or BlackBerry UEM . |
Enterprise password and BlackBerry 2FA | This security method leverages BlackBerry 2FA and requires both a password and an acknowledgment on a user's mobile device before they can access a service. |
Mobile ZSO | This security method, available on mobile devices, allows a user to access a service without having to explicitly authenticate. Instead, it leverages the user's authentication with the device or secure container as proof of identity. |
Ping password | This security method, available to PingFederate users, requires users to enter their Ping Identity password before they can access a service. For additional security, you can also require users to acknowledge a prompt, or enter their PingID. |
You can assign these authentication levels to the user or group for each service by defining an authentication policy. For more information on policies, see Managing authentication policies.