Skip Navigation

Create an
Enterprise Identity
authentication policy

Complete the following task to create a
Enterprise Identity
policy for user groups.
  1. In the
    BlackBerry UEM
    console, on the menu bar, click
    Policies and Profiles
    BlackBerry Enterprise Identity
  2. Click the beside
    Authentication policies
  3. Enter a name and description for the profile.
  4. In the
    Minimum authentication level
    drop-down list, specify an authentication level. For more information, see Managing authentication levels.
  5. In the
    Risk scenarios
    table, click .
  6. Enter a name, and description.
  7. In the
    Minimum authentication level
    drop-down list, select the desired authentication level that you want to be applied when the risk factors are met.
  8. In the
    Risk factor combination
    list, choose one of the following options:
    • If you want to apply all selected risk factors to the scenario, select
      All selected factors are present
    • If you want to have any of the selected risk factors apply to the scenario, select
      Any of the selected factors is present
  9. If you want to assess whether a user's app or browser is connected to the same network as the
    BlackBerry UEM
    server, select the
    Network detection
    option, and in the
    drop-down list, select the desired option. Note that you cannot enable the network detection risk factor in
    BlackBerry UEM Cloud
  10. If you want to establish a reference of trust between the browser and
    Enterprise Identity
    the first time that they open a browser, select the
    Browser detection
    option, and in the
    drop-down list, select the desired option.
  11. If you want to use
    CylancePERSONA Mobile
    risk levels and geozones as risk factors, choose the
    BlackBerry Persona
    option and select from the following options:
    • Behavioral risk level
      cloud services in the
      BlackBerry Infrastructure
      gather and process app data and use it to calculate a risk level for each user.
    • Admin-defined geozone
      : Choose a geozone that your organization's
      BlackBerry UEM
      administrator created.
      For more information about risk levels and geozones, refer to the
      CylancePERSONA Mobile
    • Geozone risk level
      : Choose from High, Medium, or Low. This setting specifies a level of risk that can be attributed to a user by comparing the user's physical location to the region contained within an Admin-defined geozone or a learned geozone.
  12. Click
  13. If you want to create an exception for any of your organization's services, click
    Manage service exceptions
    , select the service from the list, and set up any necessary risk scenarios for the service.
  14. If necessary, repeat steps 5 to 11 to add additional risk scenarios. Note that each risk scenario must use a unique set of risk factors.
  15. Click