Skip Navigation
  1. BlackBerry Docs
  2. BlackBerry Enterprise ID
  3. BlackBerry Enterprise Identity Administration Guide
  4. Managing authentication levels
  5. Enabling Mobile ZSO
  6. Enable Mobile ZSO in BlackBerry UEM

Enable Mobile ZSO in
BlackBerry UEM

  • Users must have an
    Android Enterprise
     activated device, a
    Samsung Knox
     device, or an
    iOS
     device enrolled with
    UEM
    .
  • Users must have
    BlackBerry Secure Connect Plus
     on their devices.
  1. Log in to
    BlackBerry UEM
     as an administrator.
  2. On the menu bar, click
    Settings > BlackBerry Enterprise Identity > Services.
  3. Click the service that you want to enable Mobile ZSO for.
  4. Select the
    Allow Mobile ZSO when specified by authentication policy
     option.
  5. Click
    Save
    .
  6. Assign Mobile ZSO to an authentication level. For more information, see Managing authentication levels.
  7. Configure an authentication policy that specifies Mobile ZSO as the authentication level to be used by a particular group of users or specific service. For more information, see Managing authentication policies.
Turning on Mobile Zero Sign-On (Mobile ZSO) for a service allows that service to authenticate using Mobile ZSO. The overall authentication policy assigned in
BlackBerry UEM
 must permit Mobile ZSO.
If you set up a service for Mobile ZSO without a fallback authenticator, it will only be accessible from managed mobile devices. However, if a password fallback authenticator is configured, Mobile ZSO will be used on managed mobile devices, and the user will be permitted to use the password on other devices.