Enterprise Identity by BlackBerry

Transcription

Enterprise Identity by BlackBerry
Administration Guide
Enterprise Identity by BlackBerry
Published: 2015-05-12
SWD-20150512143527894
Contents
Overview ..........................................................................................................................5
Enterprise Identity administrator console basics................................................................6
Sign in to the Enterprise Identity administrator console for the first time............................................................................. 6
Configure and assign services........................................................................................................................................... 7
Adjust the minimum level of assurance..............................................................................................................................8
About password policies................................................................................................................................................... 8
Apply a password policy.............................................................................................................................................8
Custom services............................................................................................................... 9
Add a custom service........................................................................................................................................................9
Remove a custom service..................................................................................................................................................9
Administrators................................................................................................................10
Add an administrator...................................................................................................................................................... 10
Add multiple administrators............................................................................................................................................ 10
Manage administrator entitlements.................................................................................................................................11
Remove an administrator................................................................................................................................................ 11
Users............................................................................................................................. 12
Invite users to a service................................................................................................................................................... 12
Manage users................................................................................................................................................................. 12
Glossary......................................................................................................................... 13
Legal notice....................................................................................................................14
Administration
Administration
1
4
Overview
Overview
2
Enterprise Identity by BlackBerry is a console that allows administrators to manage user access to specific services, such as:
•
BBM Meetings
•
BBM Protected
•
Box
•
Concur
•
Dropbox
•
Salesforce
•
Workday
In addition, administrators can add any custom SaaS.
Administrators can use the Enterprise Identity administrator console to manage users and to add and manage additional
administrators. This content is intended for senior and junior IT professionals who are responsible for managing users who
access an organization's services, such as hosting BBM Meetings.
The following browsers are supported for administration: Internet Explorer 10 and 11, Google Chrome, Mozilla Firefox, and
Safari. Client use is supported on all the browsers above as well as native browsers on devices running BlackBerry 10 OS version
10.2.1 or later, iOS 6 or later, and Android OS 4.0 (Ice Cream Sandwich) or later.
5
Enterprise Identity administrator console basics
Enterprise Identity administrator
console basics
3
A designated administrator receives an email invitation to sign in as an administrator for the Enterprise Identity administrator
console. The email contains a link to sign in using an existing BlackBerry ID, or to create a new BlackBerry Identity account.
After you sign in, you receive an email invitation with a link to the Enterprise Identity administrator console for your organization.
The Enterprise Identity administrator console allows you to add and manage additional administrators, services, and invite users
to use services. After users sign in, they can access your organization's services. The Enterprise Identity administrator console
also contains the following features and information.
Name
Description
Dashboard
View the number of outstanding invitations and a summary of authentication events
and service data.
Enterprise
View a summary of your organization that includes the organization name and
domain, email settings, and the authentication policy.
Administration
View user details or remove users from your organization.
Identity Proxies
Add and configure identity proxies.
Services
Edit, enable, disable, or add custom services.
Entitlements
View and manage user and administrator entitlements to services.
Password Policy
View and set password requirements.
User logs
View a log of actions by user, service, or enterprise.
System logs
View messages about the system, including level of severity and scope.
Sign in to the Enterprise Identity administrator
console for the first time
When your organization orders BBM Meetings or BBM Protected subscriptions, a designated administrator receives an email
invitation to sign in as an administrator. The email contains a link to your organization's enterprise portal where you can sign in
6
Enterprise Identity administrator console basics
with an existing BlackBerry ID or create a new BlackBerry Identity account. The administrator has 24 hours to sign in to
BlackBerry Identity before the invitation expires. If the invitation expires, refer to the welcome packet for instructions.
1.
In the email invitation, click the link.
2.
On the Sign in to BlackBerry ID screen do one of the following:
3.
•
Enter your username and password to sign in using an existing account.
•
Click Sign Up to create a new account.
If you receive a message that indicates you can't proceed until you confirm your email address, do one of the following:
•
If you created a new account, open the welcome email and click Confirm your email address.
•
If you signed in using an existing account, but your email address isn't confirmed, open the confirmation email
and click confirm your email address.
4.
In the email invitation, click Sign in to the Enterprise Identity Administrator Console.
5.
Enter your information. Click Sign In.
6.
Click BlackBerry Admin to open the Enterprise Identity administrator console.
Configure and assign services
Your system administrator must first add the service. Adding the service requires applying license keys, setting formatting and
some other parameters that are specific to your organization.
1.
Log in to the Enterprise Identity administrator console.
2.
In the left pane, click Services.
3.
Click Add beside the service that you want to add.
4.
Complete the required fields. This information varies for each service and the environment. Contact your administrator for
detailed information.
5.
Click Save.
6.
In the left pane, click Entitlements.
7.
Select a service. Click Invite users and fill in the details.
8.
Click Send Invite.
7
Enterprise Identity administrator console basics
Adjust the minimum level of assurance
1.
In the Enterprise Identity administrator console, in the left pane, click Services.
2.
Do any of the following:
3.
•
Beside the service you want to activate, click Add.
•
To change the minimum level of assurance for the service, beside the service you want to change, click Edit.
•
In the Minimum Level of Assurance drop-down list, select the minimum level of assurance.
Click Save.
About password policies
To help protect your organization's data, you can create an Enterprise Identity by BlackBerry password policy for the services
that your organization subscribes to.
When you create an Enterprise Identity password policy, you set the number of days after which the password expires. When the
password expires, the user must create a new Enterprise Identity password for the service and for any other services that have
the minimum level of assurance set to Enterprise Identity.
If the minimum level of assurance for the service is set to Enterprise Identity, the first time a user signs in to a service using
Enterprise Identity, the user is prompted to create an Enterprise Identity password for the service. After signing in with the
Enterprise Identity password, the user can use the service without signing in again.
Apply a password policy
1.
Click Password Policy in the left pane.
2.
Complete the rest of the fields with specific parameters. You can set the minimum length, require a minimum amount of
numbers, lowercase letters, uppercase letters, and special characters. You can also set the lifetime of the password and
limit the number of past passwords that can be reused.
3.
Click Test to test the policy out or Save to store it.
8
Custom services
Custom services
4
BlackBerry provides a growing selection of predefined service templates. As an administrator you may want to add additional,
custom services to the Enterprise Identity administrator console. Most services that use the SAML protocols can be integrated.
SAML services that you integrate may be customized and specific to your organization, or you might choose to integrate a
service from a SaaS provider that is in broader use.
When a service is enabled, users that you invite can use the service and you can invite additional users. When a service is
disabled, authorization for all users is revoked.
Add a custom service
Before you begin: Gather the information in the table below before you begin adding a custom service.
1.
In the Enterprise Identity administrator console, click the Services tab.
2.
In the Select a service type to create drop-down list, select Custom Service.
3.
Click Create.
4.
Complete the fields to configure the custom service.
5.
Click Save and Enable to launch the new custom service or click Save to keep the information for later.
Remove a custom service
1.
In the administrator console, click the Services tab.
2.
In the list of services, find the service you want to remove. Click Disable.
3.
Click Disable.
4.
Click Remove.
9
Administrators
Administrators
5
The Enterprise Identity administrator console allows you to perform the following actions:
•
Add new administrators
•
Change entitlements for existing administrators
•
Remove administrators
Add an administrator
After you sign in to the Enterprise Identity administrator console, you can invite other administrators from your organization to
the Enterprise Identityadministrator console.
1.
Click Entitlements > Admins > Invite Users. Enter the administrator's enterprise email address.
2.
Click Send Invite.
The administrator receives an email message with a link to the BlackBerry Identity sign in page. The administrator has 24 hours
to sign in to BlackBerry Identity before the invitation expires. When the administrator signs in to the Enterprise Identity
administrator console, they are listed as an administrator on the Entitlements screen.
After the designated administrator completes the sign in process, the administrator can invite other administrators or users to
applications in the Enterprise Identity administrator console. Administrators can grant or remove access for other users, but
they cannot remove their own access.
Add multiple administrators
1.
Click Entitlements > Admins > Invite Users.
2.
Enter the distribution list email address or browse to a to a .csv file that contains a list of users.
3.
Click Send Invite.
The administrators receive an email message with a link to the BlackBerry Identity sign in page. The administrators have 24
hours to sign in to BlackBerry Identity before the invitation expires. When the administrator signs in to the Enterprise Identity
administrator console, they are listed as an administrator on the Entitlements screen.
After the administrator completes the sign in process, the administrator can invite other administrators or users to applications
in the Enterprise Identity administrator console. Administrators can grant or remove access for other users, but they cannot
remove their own access.
10
Administrators
Manage administrator entitlements
1.
In the left pane, click Entitlements.
2.
Click Admins.
3.
Click the triangle beside the administrator that you want to update. Do one of the following:
•
To resend an invitation, click Resend Invite.
•
To remove administrative access for the administrator, click Revoke Entitlement.
Remove an administrator
If an administrator or a user leaves your organization, you can delete them from the enterprise. When you delete an
administrator or a user, you revoke all of their entitlements that are managed by the Enterprise Identity administrator console.
Administrators and users must be deleted from the Enterprise Identity administrator console of one enterprise before they can
be added to the Enterprise Identity administrator console of another enterprise.
1.
In the left pane, click Administration.
2.
Beside an administrator's or a user's name, click Remove from enterprise.
3.
In the Are you sure? dialog box, click Yes.
11
Users
Users
6
When you add a user to a service, the user receives an email invitation from the Enterprise Identity administrator console. When
the user tries to use the service for the first time, the user must sign in using their BlackBerry ID. The user is not asked to sign in
again.
A user can sign in with an existing BlackBerry ID or create a BlackBerry ID from the invitation.
After a user signs in to BlackBerry ID, the user is listed in the Enterprise Identity administrator console as an accepted user.
Invite users to a service
1.
In the left pane, click Entitlements.
2.
Click the name of the service to entitle users for that service.
•
Click Invite Users if you are entering email addresses or will browse to a .csv file containing a list of users. Use
this method for BBM Protected, BBM Meetings, and other services that do not use LDAP. After entering the
addresses or selecting the file, click Send Invite.
After you invite a user to a service, the user receives an email with instructions to sign in with an existing BlackBerry ID or to
create a BlackBerry Identity account. The user has 24 hours to sign in to BlackBerry Identity before the invitation expires. After
a user signs in to BlackBerry Identity, they can use the features the service provides.
Manage users
Before you begin: In the Enterprise Identity administrator console, you can resend invitations to users or revoke users' ability to
use a service.
1.
In the left pane, click Entitlements.
2.
Click the name of the service.
3.
Click the triangle beside the user's name that you want to update. Do one of the following:
•
To resend an invitation, click Resend Invite.
•
To revoke a user's access, click Revoke Entitlement.
12
Glossary
Glossary
7
IP
Internet Protocol
NAT
network address translation
SaaS
Software as a Service
SAML
Security Assertion Markup Language
SSH
Secure Shell
13
Legal notice
Legal notice
8
©2015 BlackBerry. All rights reserved. BlackBerry® and related trademarks, names, and logos are the property of BlackBerry
Limited and are registered and/or used in the U.S. and countries around the world.
Android and Google Chrome are trademarks of Google Inc. Box is a trademark of Box, Inc. Concur is a trademark of Concur
Technologies, Inc. Dropbox is a trademark of Dropbox, Inc. Linux is a trademark of Linus Torvalds. Microsoft Active Directory
and Internet Explorer are trademarks of Microsoft Corporation. Mozilla Firefox is a trademark of Mozilla Foundation. Oracle VM
VirtualBox is a trademark of Oracle and/or its affiliates.Salesforce is a trademark of salesforce.com, inc. Safari and iOS are
trademarks of Apple Inc. Ubuntu is a trademark of Canonical Limited. Workday is a trademark of Workday, Inc. All other
trademarks are the property of their respective owners.
This documentation including all documentation incorporated by reference herein such as documentation provided or made
available on the BlackBerry website provided or made accessible "AS IS" and "AS AVAILABLE" and without condition,
endorsement, guarantee, representation, or warranty of any kind by BlackBerry Limited and its affiliated companies
("BlackBerry") and BlackBerry assumes no responsibility for any typographical, technical, or other inaccuracies, errors, or
omissions in this documentation. In order to protect BlackBerry proprietary and confidential information and/or trade secrets,
this documentation may describe some aspects of BlackBerry technology in generalized terms. BlackBerry reserves the right to
periodically change information that is contained in this documentation; however, BlackBerry makes no commitment to provide
any such changes, updates, enhancements, or other additions to this documentation to you in a timely manner or at all.
This documentation might contain references to third-party sources of information, hardware or software, products or services
including components and content such as content protected by copyright and/or third-party websites (collectively the "Third
Party Products and Services"). BlackBerry does not control, and is not responsible for, any Third Party Products and Services
including, without limitation the content, accuracy, copyright compliance, compatibility, performance, trustworthiness, legality,
decency, links, or any other aspect of Third Party Products and Services. The inclusion of a reference to Third Party Products
and Services in this documentation does not imply endorsement by BlackBerry of the Third Party Products and Services or the
third party in any way.
EXCEPT TO THE EXTENT SPECIFICALLY PROHIBITED BY APPLICABLE LAW IN YOUR JURISDICTION, ALL CONDITIONS,
ENDORSEMENTS, GUARANTEES, REPRESENTATIONS, OR WARRANTIES OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING
WITHOUT LIMITATION, ANY CONDITIONS, ENDORSEMENTS, GUARANTEES, REPRESENTATIONS OR WARRANTIES OF
DURABILITY, FITNESS FOR A PARTICULAR PURPOSE OR USE, MERCHANTABILITY, MERCHANTABLE QUALITY, NONINFRINGEMENT, SATISFACTORY QUALITY, OR TITLE, OR ARISING FROM A STATUTE OR CUSTOM OR A COURSE OF
DEALING OR USAGE OF TRADE, OR RELATED TO THE DOCUMENTATION OR ITS USE, OR PERFORMANCE OR NONPERFORMANCE OF ANY SOFTWARE, HARDWARE, SERVICE, OR ANY THIRD PARTY PRODUCTS AND SERVICES
REFERENCED HEREIN, ARE HEREBY EXCLUDED. YOU MAY ALSO HAVE OTHER RIGHTS THAT VARY BY STATE OR
PROVINCE. SOME JURISDICTIONS MAY NOT ALLOW THE EXCLUSION OR LIMITATION OF IMPLIED WARRANTIES AND
CONDITIONS. TO THE EXTENT PERMITTED BY LAW, ANY IMPLIED WARRANTIES OR CONDITIONS RELATING TO THE
DOCUMENTATION TO THE EXTENT THEY CANNOT BE EXCLUDED AS SET OUT ABOVE, BUT CAN BE LIMITED, ARE HEREBY
LIMITED TO NINETY (90) DAYS FROM THE DATE YOU FIRST ACQUIRED THE DOCUMENTATION OR THE ITEM THAT IS THE
SUBJECT OF THE CLAIM.
14
Legal notice
TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW IN YOUR JURISDICTION, IN NO EVENT SHALL BLACKBERRY
BE LIABLE FOR ANY TYPE OF DAMAGES RELATED TO THIS DOCUMENTATION OR ITS USE, OR PERFORMANCE OR NONPERFORMANCE OF ANY SOFTWARE, HARDWARE, SERVICE, OR ANY THIRD PARTY PRODUCTS AND SERVICES
REFERENCED HEREIN INCLUDING WITHOUT LIMITATION ANY OF THE FOLLOWING DAMAGES: DIRECT, CONSEQUENTIAL,
EXEMPLARY, INCIDENTAL, INDIRECT, SPECIAL, PUNITIVE, OR AGGRAVATED DAMAGES, DAMAGES FOR LOSS OF PROFITS
OR REVENUES, FAILURE TO REALIZE ANY EXPECTED SAVINGS, BUSINESS INTERRUPTION, LOSS OF BUSINESS
INFORMATION, LOSS OF BUSINESS OPPORTUNITY, OR CORRUPTION OR LOSS OF DATA, FAILURES TO TRANSMIT OR
RECEIVE ANY DATA, PROBLEMS ASSOCIATED WITH ANY APPLICATIONS USED IN CONJUNCTION WITH BLACKBERRY
PRODUCTS OR SERVICES, DOWNTIME COSTS, LOSS OF THE USE OF BLACKBERRY PRODUCTS OR SERVICES OR ANY
PORTION THEREOF OR OF ANY AIRTIME SERVICES, COST OF SUBSTITUTE GOODS, COSTS OF COVER, FACILITIES OR
SERVICES, COST OF CAPITAL, OR OTHER SIMILAR PECUNIARY LOSSES, WHETHER OR NOT SUCH DAMAGES WERE
FORESEEN OR UNFORESEEN, AND EVEN IF BLACKBERRY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW IN YOUR JURISDICTION, BLACKBERRY SHALL HAVE NO
OTHER OBLIGATION, DUTY, OR LIABILITY WHATSOEVER IN CONTRACT, TORT, OR OTHERWISE TO YOU INCLUDING ANY
LIABILITY FOR NEGLIGENCE OR STRICT LIABILITY.
THE LIMITATIONS, EXCLUSIONS, AND DISCLAIMERS HEREIN SHALL APPLY: (A) IRRESPECTIVE OF THE NATURE OF THE
CAUSE OF ACTION, DEMAND, OR ACTION BY YOU INCLUDING BUT NOT LIMITED TO BREACH OF CONTRACT,
NEGLIGENCE, TORT, STRICT LIABILITY OR ANY OTHER LEGAL THEORY AND SHALL SURVIVE A FUNDAMENTAL BREACH OR
BREACHES OR THE FAILURE OF THE ESSENTIAL PURPOSE OF THIS AGREEMENT OR OF ANY REMEDY CONTAINED
HEREIN; AND (B) TO BLACKBERRY AND ITS AFFILIATED COMPANIES, THEIR SUCCESSORS, ASSIGNS, AGENTS, SUPPLIERS
(INCLUDING AIRTIME SERVICE PROVIDERS), AUTHORIZED BLACKBERRY DISTRIBUTORS (ALSO INCLUDING AIRTIME
SERVICE PROVIDERS) AND THEIR RESPECTIVE DIRECTORS, EMPLOYEES, AND INDEPENDENT CONTRACTORS.
IN ADDITION TO THE LIMITATIONS AND EXCLUSIONS SET OUT ABOVE, IN NO EVENT SHALL ANY DIRECTOR, EMPLOYEE,
AGENT, DISTRIBUTOR, SUPPLIER, INDEPENDENT CONTRACTOR OF BLACKBERRY OR ANY AFFILIATES OF BLACKBERRY
HAVE ANY LIABILITY ARISING FROM OR RELATED TO THE DOCUMENTATION.
Prior to subscribing for, installing, or using any Third Party Products and Services, it is your responsibility to ensure that your
airtime service provider has agreed to support all of their features. Some airtime service providers might not offer Internet
browsing functionality with a subscription to the BlackBerry® Internet Service. Check with your service provider for availability,
roaming arrangements, service plans and features. Installation or use of Third Party Products and Services with BlackBerry's
products and services may require one or more patent, trademark, copyright, or other licenses in order to avoid infringement or
violation of third party rights. You are solely responsible for determining whether to use Third Party Products and Services and if
any third party licenses are required to do so. If required you are responsible for acquiring them. You should not install or use
Third Party Products and Services until all necessary licenses have been acquired. Any Third Party Products and Services that
are provided with BlackBerry's products and services are provided as a convenience to you and are provided "AS IS" with no
express or implied conditions, endorsements, guarantees, representations, or warranties of any kind by BlackBerry and
BlackBerry assumes no liability whatsoever, in relation thereto. Your use of Third Party Products and Services shall be governed
by and subject to you agreeing to the terms of separate licenses and other agreements applicable thereto with third parties,
except to the extent expressly covered by a license or other agreement with BlackBerry.
The terms of use of any BlackBerry product or service are set out in a separate license or other agreement with BlackBerry
applicable thereto. NOTHING IN THIS DOCUMENTATION IS INTENDED TO SUPERSEDE ANY EXPRESS WRITTEN
AGREEMENTS OR WARRANTIES PROVIDED BY BLACKBERRY FOR PORTIONS OF ANY BLACKBERRY PRODUCT OR SERVICE
OTHER THAN THIS DOCUMENTATION.
15
Legal notice
BlackBerry Enterprise Software incorporates certain third-party software. The license and copyright information associated with
this software is available at http://worldwide.blackberry.com/legal/thirdpartysoftware.jsp.
BlackBerry Limited
2200 University Avenue East
Waterloo, Ontario
Canada N2K 0A7
BlackBerry UK Limited
200 Bath Road
Slough, Berkshire SL1 3XE
United Kingdom
Published in Canada
16