Configuring BlackBerry Enterprise Identity to work with Workspaces
BlackBerry Enterprise Identity
to work with Workspaces
You
must have the following environment:
- An on-premise installation ofWorkspaceswith vApp or Appliance-X
- ABlackBerry UEMserver, orBlackBerry UEM Cloudinstance enabled withEnterprise Identity
New
BlackBerry UEM Cloud
and
Workspaces
tenants are now auto-configured to allow users to sign in with Enterprise Identity
,
allowing application of two-factor authentication or other advanced access
policies (pre-existing BlackBerry UEM Cloud
tenants will gain this capability in a future release)- Go tohttps://<your server>/saml-idp/saml/metadata.
- Download the metadata file.
- Do one of the following:
- Use theBlackBerry UEMversion 12.6.3 or earlier management console management console to log into theEnterprise Identityconsole.
- Use theBlackBerry UEMversion 12.7 or later, or theBlackBerry UEM Cloudmanagement console to open theEnterprise IdentityServices page.
- Create aWorkspacesservice.
- Map the service entity ID and the signin / signout URL from the metadata to the corresponding fields inWorkspacesservice.
- Configure IDP signing certificate and private key using the key pair generated earlier.
- Set the claims asE-mail Address (http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddresses).
- ClickSave.
- Download the metadata for theWorkspacesservice.
- With an administrator account, log in to theWorkspacesmanagement console.
- ClickAuthentication typeand selectBlackBerry Enterprise Identity.
- Upload the metadata you downloaded fromBlackBerry UEMforWorkspaces. This creates a new IDP inWorkspaces.
- ClickSave.
- Log intoWorkspacesBlackBerry Workspaces Configuration Tooland associate the tenant with the new IDP.
- Log into theWorkspacesURL and verify that it directs to the IDP.
- Verify that everything works by entering the username and password for a user that is entitled withBlackBerry Enterprise Identity.