Skip Navigation

Enable Mobile ZSO in
BlackBerry UEM

  • Users must have an
    Android Enterprise
    activated device, a
    Samsung Knox
    device, or an
    device enrolled with
  • Users must have
    BlackBerry Secure Connect Plus
    on their devices.
  1. Log in to
    BlackBerry UEM
    as an administrator.
  2. On the menu bar, click
    Settings > BlackBerry Enterprise Identity > Services.
  3. Click the service that you want to enable Mobile ZSO for.
  4. Select the
    Allow Mobile ZSO when specified by authentication policy
  5. Click
  6. Assign Mobile ZSO to an authentication level. For more information, see Managing authentication levels.
  7. Configure an authentication policy that specifies Mobile ZSO as the authentication level to be used by a particular group of users or specific service. For more information, see Managing authentication policies.
Turning on Mobile Zero Sign-On (Mobile ZSO) for a service allows that service to authenticate using Mobile ZSO. The overall authentication policy assigned in
BlackBerry UEM
must permit Mobile ZSO.
If you set up a service for Mobile ZSO without a fallback authenticator, it will only be accessible from managed mobile devices. However, if a password fallback authenticator is configured, Mobile ZSO will be used on managed mobile devices, and the user will be permitted to use the password on other devices.