Enhanced authentication sign in for the Cylance Multi-Tenant Console
Cylance
Multi-Tenant Console
The management console provides enhanced authentication capabilities, including local multi-factor authentication and more granular authentication policies and policy assignments. You can configure the environment to specify the types of authentication that partner users must complete to sign in to the
Cylance
Multi-Tenant Console
. By default, partner users use their BlackBerry Online Account
password and a one-time password to access the console after they set up their account. You can create authentication policies that specify the types of authentication that must be completed by all partner users in the console. Only one default authentication policy can be created for signing in to the console. You can create separate authentication policies the specify the authentication methods that partner users must complete. The authentication types added to the default authentication and user authentication policies must be completed in the order specified in the policy. As a failsafe, you may configure one partner administrator to access the
Cylance
Multi-Tenant Console
using their username and a strong password.To configure enhanced authentication for sign-in, perform one of the following actions:
Configure enhanced authentication for signing in to the console
If your
Cylance
Multi-Tenant Console
account was created before July 2024, complete these steps if you want to configure your users to authenticate with the console using an authenticator such as One-Time Password in addition to the BlackBerry Online Account
password.Step | Action |
|---|---|
 | Sign in to the Cylance Multi-Tenant Console using your existing username and password. |
 | Add an authenticator (for example, One-Time Password or SAML). By default, the following authenticators are configured for use in your environment: "One-Time Password" and BlackBerry Online Account . |
 | Add a One-Time Password authenticator to the default authentication policy for partner administrators and users. |
 | Create an authentication policy that uses the password and the authenticator that you created (optional).
As a failsafe, create one authentication policy that only uses the Cylance console password and assign it to one administrator. |
 | Test the authentication policy by signing in to the console. |
Remove One-Time Password authentication for signing in to the console
Cylance
Multi-Tenant Console
accounts created in July 2024 or later require users to enter a One-Time Password after they enter the Cylance
console password each time before they can access the console. Complete these steps if you want to remove the One-Time Password requirement for users to authenticate with the console.Step | Action |
|---|---|
| Sign in to the Cylance Multi-Tenant Console using your existing username, password, and one-time password. |
| Remove the One-Time Password authenticator from the default authentication policy. |
| Test the authentication policy by signing in to the console. |
Configure a new IDP SAML authenticator for SSO and IDP-initiated access to the console
Complete these steps if you want to configure a new identity provider (IDP) SAML authenticator for users to authenticate with the
Cylance
Multi-Tenant Console
. Users can use their IDP credentials to access the console from the IDP sign-in page or from the IDP-initiated SSO portal.Step | Action |
|---|---|
| In the IDP environment, create a new SAML application. |
| Configure the IDP to communicate with the Cylance Multi-Tenant Console . |
| |
| Create an authentication policy that uses the authenticator that you created.
As a failsafe, create one authentication policy that only uses the BlackBerry Online Account password and assign it to one administrator. |
| Verify whether you need to Generate a new SSO callback URL for an authenticator. If necessary, update it in the IDP environment. |
 | Test the authentication policy by signing in the console. |
Update an existing IDP SAML authenticator to enable IDP-initiated access to the console
Complete these steps only if your IDP SAML authenticator was created before July 2024 and you want to enable IDP-initiated SSO for users to access the console from the IDP user portal. For a walkthrough, see How do I update IDP (SAML) authenticators to enable IDP-initiated access to the
Cylance
console and select your IDP. Step | Action |
|---|---|
| Sign in to the Cylance Multi-Tenant Console using your existing username and password. |
| Verify whether you need to Generate a new SSO callback URL for an authenticator. If necessary, update it in the IDP environment. |
| Update the authentication policy to use the authenticator with the new SSO callback URL.
As a failsafe, create one authentication policy that only uses the BlackBerry Online Account password and assign it to one administrator. |
| Test the authentication policy by signing in the console. |