Create an Enterprise Identity authentication policy
Enterprise Identityauthentication policy
Complete the following task to create a
Enterprise Identitypolicy for user groups.
- In theBlackBerry UEMconsole, on the menu bar, clickPolicies and Profiles>BlackBerry Enterprise Identity.
- Click the besideAuthentication policies.
- Enter a name and description for the profile.
- In theMinimum authentication leveldrop-down list, specify an authentication level. For more information, see Managing authentication levels.
- In theRisk scenariostable, click .
- Enter a name, and description.
- In theMinimum authentication leveldrop-down list, select the desired authentication level that you want to be applied when the risk factors are met.
- In theRisk factor combinationlist, choose one of the following options:
- If you want to apply all selected risk factors to the scenario, selectAll selected factors are present
- If you want to have any of the selected risk factors apply to the scenario, selectAny of the selected factors is present
- If you want to assess whether a user's app or browser is connected to the same network as theBlackBerry UEMserver, select theNetwork detectionoption, and in theConfigurationdrop-down list, select the desired option. Note that you cannot enable the network detection risk factor inBlackBerry UEM Cloud.
- If you want to establish a reference of trust between the browser andEnterprise Identitythe first time that they open a browser, select theBrowser detectionoption, and in theConfigurationdrop-down list, select the desired option.
- If you want to useBlackBerry Persona Mobilerisk levels and geozones as risk factors, choose theBlackBerry Personaoption and select from the following options:
- Behavioral risk level:BlackBerry Personacloud services in theBlackBerry Infrastructuregather and process app data and use it to calculate a risk level for each user.
- Admin-defined geozone: Choose a geozone that your organization'sBlackBerry UEMadministrator created.For more information about risk levels and geozones, refer to theBlackBerry Persona Mobilecontent.
- Geozone risk level: Choose from High, Medium, or Low. This setting specifies a level of risk that can be attributed to a user by comparing the user's physical location to the region contained within an Admin-defined geozone or a learned geozone.
- If you want to create an exception for any of your organization's services, clickManage service exceptions, select the service from the list, and set up any necessary risk scenarios for the service.
- If necessary, repeat steps 5 to 11 to add additional risk scenarios. Note that each risk scenario must use a unique set of risk factors.