Enable Mobile ZSO in BlackBerry UEM
- Users must have anAndroid Enterpriseactivated device, aSamsung Knoxdevice, or aniOSdevice enrolled withUEM.
- Users must haveBlackBerry Secure Connect Pluson their devices.
- Log in toBlackBerry UEMas an administrator.
- On the menu bar, clickSettings > BlackBerry Enterprise Identity > Services.
- Click the service that you want to enable Mobile ZSO for.
- Select theAllow Mobile ZSO when specified by authentication policyoption.
- Assign Mobile ZSO to an authentication level. For more information, see Managing authentication levels.
- Configure an authentication policy that specifies Mobile ZSO as the authentication level to be used by a particular group of users or specific service. For more information, see Managing authentication policies.
Turning on Mobile Zero Sign-On (Mobile ZSO) for a service allows that service to authenticate using Mobile ZSO. The overall authentication policy assigned in
BlackBerry UEMmust permit Mobile ZSO.
If you set up a service for Mobile ZSO without a fallback authenticator, it will only be accessible from managed mobile devices. However, if a password fallback authenticator is configured, Mobile ZSO will be used on managed mobile devices, and the user will be permitted to use the password on other devices.