
Create a BlackBerry Enterprise Identity authentication policy

BlackBerry Persona adds a new optional feature to BlackBerry Enterprise Identity authentication policies. You can now incorporate a user’s behavioral and/or geozone risk level into the factors that determine the authentication requirements for work apps and services. For example, you can configure the policy so that if a user’s geozone risk level is high, the user must both enter a password and use BlackBerry 2FA to access work apps.
For more information about how to enable and manage BlackBerry Enterprise Identity, see the BlackBerry Enterprise Identity docs.
If you want to use BlackBerry Enterprise Identity authentication profiles to enforce BlackBerry 2FA authentication, you must enable BlackBerry 2FA for users' devices. For more information, see Steps to manage BlackBerry 2FA in BlackBerry UEM.
  1. In the UEM management console, on the menu bar, click Policies and profiles > BlackBerry Enterprise Identity.
  2. Click Add a policy.
  3. Type a name and description.
  4. In the Minimum authentication level drop-down list, click the desired authentication level. For more information, see Managing authentication levels in the BlackBerry Enterprise Identity Administration content.
  5. In the Risk scenarios table, click the Add icon.
  6. Type a name and description for the risk scenario.
  7. In the Minimum authentication level drop-down list, select the desired authentication level that is required when the risk factors are met.
  8. In the Risk factor combination drop-down list, select the desired option.
  9. If you want UEM to consider a Persona risk level or a defined geozone to be a risk factor, select the BlackBerry Persona check box. Do any of the following:
    • If you want a behavioral risk level to be a risk factor, in the Identity risk level drop-down list, click the desired risk level.
    • If you want a geozone risk level to be a risk factor, in the Geozone risk level drop-down list, click the desired risk level.
    • If you want a defined geozone to be a risk factor, in the Administrator-defined geozone drop-down list, click the desired geozone. The geozone that you select will automatically set the Geozone risk level based on the configuration of the defined geozone.
  10. Click Save.
  11. If necessary, repeat steps 5 to 10 to add additional risk scenarios.
  12. Click Save.
  • Notify users that they will receive prompts asking whether they want to allow BlackBerry Enterprise Identity to provide location data and whether BlackBerry Enterprise Identity can trust the browser. Encourage users to accept both prompts. If a user does not, Persona cannot factor the data into the user’s risk model. Note that if a user logs in to the BlackBerry Enterprise Identity service for the first time using Incognito mode, BlackBerry Enterprise Identity cannot send location data. Location data will be sent in a subsequent login.