Skip Navigation

Managing authentication levels

Three authentication types are available in 
Enterprise Identity
. The ranking of these authenticators can be changed in the 
BlackBerry UEM
 console, on the 
 page. For more information on ranking, see Change Enterprise Identity settings.
Authenticator type
Enterprise password
This security method requires a password before users can access a service. It is the default method. The password is one currently associated with a user account in 
Active Directory
, an LDAP directory, or 
BlackBerry UEM
Enterprise password and 
BlackBerry 2FA
This security method leverages 
BlackBerry 2FA
 and requires both a password and an acknowledgment on a user's mobile device before they can access a service.
Mobile ZSO
This security method, available on mobile devices, allows a user to access a service without having to explicitly authenticate. Instead, it leverages the user's authentication with the device or secure container as proof of identity.
Ping password
This security method, available to 
 users, requires users to enter their 
Ping Identity
 password before they can access a service. For additional security, you can also require users to acknowledge a prompt, or enter their PingID.
You can assign these authentication levels to the user or group for each service by defining an authentication policy. For more information on policies, see Managing authentication policies.