Enterprise Identity by BlackBerry
Administration Guide
Enterprise Identity by BlackBerry
Published: 2015-05-12
SWD-20150512143527894

Contents
Overview
Enterprise Identity administrator console basics
  Sign in to the Enterprise Identity administrator console for the first time
  Configure and assign services
  Adjust the minimum level of assurance
  About password policies
    Apply a password policy
Custom services
  Add a custom service
  Remove a custom service
Administrators
  Add an administrator
  Add multiple administrators
  Manage administrator entitlements
  Remove an administrator
Users
  Invite users to a service
  Manage users
Glossary
Legal notice

Administration

Overview
Enterprise Identity by BlackBerry is a console that allows administrators to manage user access to specific services, such as:
• BBM Meetings
• BBM Protected
• Box
• Concur
• Dropbox
• Salesforce
• Workday
In addition, administrators can add any custom SaaS. Administrators can use the Enterprise Identity administrator console to manage users and to add and manage additional administrators.
This content is intended for senior and junior IT professionals who are responsible for managing users who access an organization's services, such as hosting BBM Meetings.
The following browsers are supported for administration: Internet Explorer 10 and 11, Google Chrome, Mozilla Firefox, and Safari. Client use is supported on all the browsers above as well as native browsers on devices running BlackBerry 10 OS version 10.2.1 or later, iOS 6 or later, and Android OS 4.0 (Ice Cream Sandwich) or later.

Enterprise Identity administrator console basics
A designated administrator receives an email invitation to sign in as an administrator for the Enterprise Identity administrator console. The email contains a link to sign in using an existing BlackBerry ID, or to create a new BlackBerry Identity account. After you sign in, you receive an email invitation with a link to the Enterprise Identity administrator console for your organization.
The Enterprise Identity administrator console allows you to add and manage additional administrators and services, and to invite users to use services. After users sign in, they can access your organization's services.
The Enterprise Identity administrator console also contains the following features and information.

Name | Description
Dashboard | View the number of outstanding invitations and a summary of authentication events and service data.
Enterprise | View a summary of your organization that includes the organization name and domain, email settings, and the authentication policy.
Administration | View user details or remove users from your organization.
Identity Proxies | Add and configure identity proxies.
Services | Edit, enable, disable, or add custom services.
Entitlements | View and manage user and administrator entitlements to services.
Password Policy | View and set password requirements.
User logs | View a log of actions by user, service, or enterprise.
System logs | View messages about the system, including level of severity and scope.

Sign in to the Enterprise Identity administrator console for the first time
When your organization orders BBM Meetings or BBM Protected subscriptions, a designated administrator receives an email invitation to sign in as an administrator. The email contains a link to your organization's enterprise portal where you can sign in with an existing BlackBerry ID or create a new BlackBerry Identity account. The administrator has 24 hours to sign in to BlackBerry Identity before the invitation expires. If the invitation expires, refer to the welcome packet for instructions.
1. In the email invitation, click the link.
2. On the Sign in to BlackBerry ID screen, do one of the following:
   • Enter your username and password to sign in using an existing account.
   • Click Sign Up to create a new account.
3. If you receive a message that indicates you can't proceed until you confirm your email address, do one of the following:
   • If you created a new account, open the welcome email and click Confirm your email address.
   • If you signed in using an existing account, but your email address isn't confirmed, open the confirmation email and click Confirm your email address.
4. In the email invitation, click Sign in to the Enterprise Identity Administrator Console.
5. Enter your information. Click Sign In.
6. Click BlackBerry Admin to open the Enterprise Identity administrator console.

Configure and assign services
Your system administrator must first add the service. Adding the service requires applying license keys and setting formatting and other parameters that are specific to your organization.
1. Log in to the Enterprise Identity administrator console.
2. In the left pane, click Services.
3. Click Add beside the service that you want to add.
4. Complete the required fields. This information varies for each service and the environment. Contact your administrator for detailed information.
5. Click Save.
6. In the left pane, click Entitlements.
7. Select a service. Click Invite users and fill in the details.
8. Click Send Invite.

Adjust the minimum level of assurance
1. In the Enterprise Identity administrator console, in the left pane, click Services.
2. Do any of the following:
   • Beside the service you want to activate, click Add.
   • To change the minimum level of assurance for the service, beside the service you want to change, click Edit.
   • In the Minimum Level of Assurance drop-down list, select the minimum level of assurance.
3. Click Save.

About password policies
To help protect your organization's data, you can create an Enterprise Identity by BlackBerry password policy for the services that your organization subscribes to. When you create an Enterprise Identity password policy, you set the number of days after which the password expires. When the password expires, the user must create a new Enterprise Identity password for the service and for any other services that have the minimum level of assurance set to Enterprise Identity.
If the minimum level of assurance for the service is set to Enterprise Identity, the first time a user signs in to a service using Enterprise Identity, the user is prompted to create an Enterprise Identity password for the service. After signing in with the Enterprise Identity password, the user can use the service without signing in again.

Apply a password policy
1. Click Password Policy in the left pane.
2. Complete the rest of the fields with specific parameters. You can set the minimum length and require minimum counts of numbers, lowercase letters, uppercase letters, and special characters. You can also set the lifetime of the password and limit the number of past passwords that can be reused.
3. Click Test to try the policy or Save to store it.

Custom services
BlackBerry provides a growing selection of predefined service templates.
As an administrator you may want to add additional, custom services to the Enterprise Identity administrator console. Most services that use the SAML protocols can be integrated. SAML services that you integrate may be customized and specific to your organization, or you might choose to integrate a service from a SaaS provider that is in broader use.
When a service is enabled, users that you invite can use the service and you can invite additional users. When a service is disabled, authorization for all users is revoked.

Add a custom service
Before you begin: Gather the information in the table below before you begin adding a custom service.
1. In the Enterprise Identity administrator console, click the Services tab.
2. In the Select a service type to create drop-down list, select Custom Service.
3. Click Create.
4. Complete the fields to configure the custom service.
5. Click Save and Enable to launch the new custom service or click Save to keep the information for later.

Remove a custom service
1. In the administrator console, click the Services tab.
2. In the list of services, find the service you want to remove. Click Disable.
3. Click Disable.
4. Click Remove.

Administrators
The Enterprise Identity administrator console allows you to perform the following actions:
• Add new administrators
• Change entitlements for existing administrators
• Remove administrators

Add an administrator
After you sign in to the Enterprise Identity administrator console, you can invite other administrators from your organization to the Enterprise Identity administrator console.
1. Click Entitlements > Admins > Invite Users. Enter the administrator's enterprise email address.
2. Click Send Invite.
The administrator receives an email message with a link to the BlackBerry Identity sign in page. The administrator has 24 hours to sign in to BlackBerry Identity before the invitation expires.
When the administrator signs in to the Enterprise Identity administrator console, they are listed as an administrator on the Entitlements screen. After the designated administrator completes the sign in process, the administrator can invite other administrators or users to applications in the Enterprise Identity administrator console. Administrators can grant or remove access for other users, but they cannot remove their own access.

Add multiple administrators
1. Click Entitlements > Admins > Invite Users.
2. Enter the distribution list email address or browse to a .csv file that contains a list of users.
3. Click Send Invite.
The administrators receive an email message with a link to the BlackBerry Identity sign in page. The administrators have 24 hours to sign in to BlackBerry Identity before the invitation expires. When the administrator signs in to the Enterprise Identity administrator console, they are listed as an administrator on the Entitlements screen. After the administrator completes the sign in process, the administrator can invite other administrators or users to applications in the Enterprise Identity administrator console. Administrators can grant or remove access for other users, but they cannot remove their own access.

Manage administrator entitlements
1. In the left pane, click Entitlements.
2. Click Admins.
3. Click the triangle beside the administrator that you want to update. Do one of the following:
   • To resend an invitation, click Resend Invite.
   • To remove administrative access for the administrator, click Revoke Entitlement.

Remove an administrator
If an administrator or a user leaves your organization, you can delete them from the enterprise. When you delete an administrator or a user, you revoke all of their entitlements that are managed by the Enterprise Identity administrator console.
Administrators and users must be deleted from the Enterprise Identity administrator console of one enterprise before they can be added to the Enterprise Identity administrator console of another enterprise.
1. In the left pane, click Administration.
2. Beside an administrator's or a user's name, click Remove from enterprise.
3. In the Are you sure? dialog box, click Yes.

Users
When you add a user to a service, the user receives an email invitation from the Enterprise Identity administrator console. When the user tries to use the service for the first time, the user must sign in using their BlackBerry ID. The user is not asked to sign in again. A user can sign in with an existing BlackBerry ID or create a BlackBerry ID from the invitation. After a user signs in to BlackBerry ID, the user is listed in the Enterprise Identity administrator console as an accepted user.

Invite users to a service
1. In the left pane, click Entitlements.
2. Click the name of the service to entitle users for that service.
   • Click Invite Users if you are entering email addresses or will browse to a .csv file containing a list of users. Use this method for BBM Protected, BBM Meetings, and other services that do not use LDAP. After entering the addresses or selecting the file, click Send Invite.
After you invite a user to a service, the user receives an email with instructions to sign in with an existing BlackBerry ID or to create a BlackBerry Identity account. The user has 24 hours to sign in to BlackBerry Identity before the invitation expires. After a user signs in to BlackBerry Identity, they can use the features the service provides.

Manage users
Before you begin: In the Enterprise Identity administrator console, you can resend invitations to users or revoke users' ability to use a service.
1. In the left pane, click Entitlements.
2. Click the name of the service.
3. Click the triangle beside the user's name that you want to update. Do one of the following:
   • To resend an invitation, click Resend Invite.
   • To revoke a user's access, click Revoke Entitlement.

Glossary
IP | Internet Protocol
NAT | network address translation
SaaS | Software as a Service
SAML | Security Assertion Markup Language
SSH | Secure Shell

Legal notice
©2015 BlackBerry. All rights reserved. BlackBerry® and related trademarks, names, and logos are the property of BlackBerry Limited and are registered and/or used in the U.S. and countries around the world.
Android and Google Chrome are trademarks of Google Inc. Box is a trademark of Box, Inc. Concur is a trademark of Concur Technologies, Inc. Dropbox is a trademark of Dropbox, Inc. Linux is a trademark of Linus Torvalds. Microsoft Active Directory and Internet Explorer are trademarks of Microsoft Corporation. Mozilla Firefox is a trademark of Mozilla Foundation. Oracle VM VirtualBox is a trademark of Oracle and/or its affiliates. Salesforce is a trademark of salesforce.com, inc. Safari and iOS are trademarks of Apple Inc. Ubuntu is a trademark of Canonical Limited. Workday is a trademark of Workday, Inc. All other trademarks are the property of their respective owners.
This documentation including all documentation incorporated by reference herein such as documentation provided or made available on the BlackBerry website provided or made accessible "AS IS" and "AS AVAILABLE" and without condition, endorsement, guarantee, representation, or warranty of any kind by BlackBerry Limited and its affiliated companies ("BlackBerry") and BlackBerry assumes no responsibility for any typographical, technical, or other inaccuracies, errors, or omissions in this documentation. In order to protect BlackBerry proprietary and confidential information and/or trade secrets, this documentation may describe some aspects of BlackBerry technology in generalized terms.
BlackBerry reserves the right to periodically change information that is contained in this documentation; however, BlackBerry makes no commitment to provide any such changes, updates, enhancements, or other additions to this documentation to you in a timely manner or at all. This documentation might contain references to third-party sources of information, hardware or software, products or services including components and content such as content protected by copyright and/or third-party websites (collectively the "Third Party Products and Services"). BlackBerry does not control, and is not responsible for, any Third Party Products and Services including, without limitation the content, accuracy, copyright compliance, compatibility, performance, trustworthiness, legality, decency, links, or any other aspect of Third Party Products and Services. The inclusion of a reference to Third Party Products and Services in this documentation does not imply endorsement by BlackBerry of the Third Party Products and Services or the third party in any way. EXCEPT TO THE EXTENT SPECIFICALLY PROHIBITED BY APPLICABLE LAW IN YOUR JURISDICTION, ALL CONDITIONS, ENDORSEMENTS, GUARANTEES, REPRESENTATIONS, OR WARRANTIES OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION, ANY CONDITIONS, ENDORSEMENTS, GUARANTEES, REPRESENTATIONS OR WARRANTIES OF DURABILITY, FITNESS FOR A PARTICULAR PURPOSE OR USE, MERCHANTABILITY, MERCHANTABLE QUALITY, NONINFRINGEMENT, SATISFACTORY QUALITY, OR TITLE, OR ARISING FROM A STATUTE OR CUSTOM OR A COURSE OF DEALING OR USAGE OF TRADE, OR RELATED TO THE DOCUMENTATION OR ITS USE, OR PERFORMANCE OR NONPERFORMANCE OF ANY SOFTWARE, HARDWARE, SERVICE, OR ANY THIRD PARTY PRODUCTS AND SERVICES REFERENCED HEREIN, ARE HEREBY EXCLUDED. YOU MAY ALSO HAVE OTHER RIGHTS THAT VARY BY STATE OR PROVINCE. SOME JURISDICTIONS MAY NOT ALLOW THE EXCLUSION OR LIMITATION OF IMPLIED WARRANTIES AND CONDITIONS. 
TO THE EXTENT PERMITTED BY LAW, ANY IMPLIED WARRANTIES OR CONDITIONS RELATING TO THE DOCUMENTATION TO THE EXTENT THEY CANNOT BE EXCLUDED AS SET OUT ABOVE, BUT CAN BE LIMITED, ARE HEREBY LIMITED TO NINETY (90) DAYS FROM THE DATE YOU FIRST ACQUIRED THE DOCUMENTATION OR THE ITEM THAT IS THE SUBJECT OF THE CLAIM.
TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW IN YOUR JURISDICTION, IN NO EVENT SHALL BLACKBERRY BE LIABLE FOR ANY TYPE OF DAMAGES RELATED TO THIS DOCUMENTATION OR ITS USE, OR PERFORMANCE OR NONPERFORMANCE OF ANY SOFTWARE, HARDWARE, SERVICE, OR ANY THIRD PARTY PRODUCTS AND SERVICES REFERENCED HEREIN INCLUDING WITHOUT LIMITATION ANY OF THE FOLLOWING DAMAGES: DIRECT, CONSEQUENTIAL, EXEMPLARY, INCIDENTAL, INDIRECT, SPECIAL, PUNITIVE, OR AGGRAVATED DAMAGES, DAMAGES FOR LOSS OF PROFITS OR REVENUES, FAILURE TO REALIZE ANY EXPECTED SAVINGS, BUSINESS INTERRUPTION, LOSS OF BUSINESS INFORMATION, LOSS OF BUSINESS OPPORTUNITY, OR CORRUPTION OR LOSS OF DATA, FAILURES TO TRANSMIT OR RECEIVE ANY DATA, PROBLEMS ASSOCIATED WITH ANY APPLICATIONS USED IN CONJUNCTION WITH BLACKBERRY PRODUCTS OR SERVICES, DOWNTIME COSTS, LOSS OF THE USE OF BLACKBERRY PRODUCTS OR SERVICES OR ANY PORTION THEREOF OR OF ANY AIRTIME SERVICES, COST OF SUBSTITUTE GOODS, COSTS OF COVER, FACILITIES OR SERVICES, COST OF CAPITAL, OR OTHER SIMILAR PECUNIARY LOSSES, WHETHER OR NOT SUCH DAMAGES WERE FORESEEN OR UNFORESEEN, AND EVEN IF BLACKBERRY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW IN YOUR JURISDICTION, BLACKBERRY SHALL HAVE NO OTHER OBLIGATION, DUTY, OR LIABILITY WHATSOEVER IN CONTRACT, TORT, OR OTHERWISE TO YOU INCLUDING ANY LIABILITY FOR NEGLIGENCE OR STRICT LIABILITY.
THE LIMITATIONS, EXCLUSIONS, AND DISCLAIMERS HEREIN SHALL APPLY: (A) IRRESPECTIVE OF THE NATURE OF THE CAUSE OF ACTION, DEMAND, OR ACTION BY YOU INCLUDING BUT NOT LIMITED TO BREACH OF CONTRACT, NEGLIGENCE, TORT, STRICT LIABILITY OR ANY OTHER LEGAL THEORY AND SHALL SURVIVE A FUNDAMENTAL BREACH OR BREACHES OR THE FAILURE OF THE ESSENTIAL PURPOSE OF THIS AGREEMENT OR OF ANY REMEDY CONTAINED HEREIN; AND (B) TO BLACKBERRY AND ITS AFFILIATED COMPANIES, THEIR SUCCESSORS, ASSIGNS, AGENTS, SUPPLIERS (INCLUDING AIRTIME SERVICE PROVIDERS), AUTHORIZED BLACKBERRY DISTRIBUTORS (ALSO INCLUDING AIRTIME SERVICE PROVIDERS) AND THEIR RESPECTIVE DIRECTORS, EMPLOYEES, AND INDEPENDENT CONTRACTORS. IN ADDITION TO THE LIMITATIONS AND EXCLUSIONS SET OUT ABOVE, IN NO EVENT SHALL ANY DIRECTOR, EMPLOYEE, AGENT, DISTRIBUTOR, SUPPLIER, INDEPENDENT CONTRACTOR OF BLACKBERRY OR ANY AFFILIATES OF BLACKBERRY HAVE ANY LIABILITY ARISING FROM OR RELATED TO THE DOCUMENTATION. Prior to subscribing for, installing, or using any Third Party Products and Services, it is your responsibility to ensure that your airtime service provider has agreed to support all of their features. Some airtime service providers might not offer Internet browsing functionality with a subscription to the BlackBerry® Internet Service. Check with your service provider for availability, roaming arrangements, service plans and features. Installation or use of Third Party Products and Services with BlackBerry's products and services may require one or more patent, trademark, copyright, or other licenses in order to avoid infringement or violation of third party rights. You are solely responsible for determining whether to use Third Party Products and Services and if any third party licenses are required to do so. If required you are responsible for acquiring them. You should not install or use Third Party Products and Services until all necessary licenses have been acquired. 
Any Third Party Products and Services that are provided with BlackBerry's products and services are provided as a convenience to you and are provided "AS IS" with no express or implied conditions, endorsements, guarantees, representations, or warranties of any kind by BlackBerry and BlackBerry assumes no liability whatsoever, in relation thereto. Your use of Third Party Products and Services shall be governed by and subject to you agreeing to the terms of separate licenses and other agreements applicable thereto with third parties, except to the extent expressly covered by a license or other agreement with BlackBerry.
The terms of use of any BlackBerry product or service are set out in a separate license or other agreement with BlackBerry applicable thereto. NOTHING IN THIS DOCUMENTATION IS INTENDED TO SUPERSEDE ANY EXPRESS WRITTEN AGREEMENTS OR WARRANTIES PROVIDED BY BLACKBERRY FOR PORTIONS OF ANY BLACKBERRY PRODUCT OR SERVICE OTHER THAN THIS DOCUMENTATION.
BlackBerry Enterprise Software incorporates certain third-party software. The license and copyright information associated with this software is available at http://worldwide.blackberry.com/legal/thirdpartysoftware.jsp.

BlackBerry Limited
2200 University Avenue East
Waterloo, Ontario
Canada N2K 0A7

BlackBerry UK Limited
200 Bath Road
Slough, Berkshire SL1 3XE
United Kingdom

Published in Canada