Get the PDF

Configuring BlackBerry UEM Cloud for the first time
- Administrator permissions required to configure BlackBerry UEM
- Obtaining and activating licenses
Installing the BlackBerry Connectivity Node to connect to resources behind your organization's firewall
Configuring the BlackBerry Connectivity Node to use the BlackBerry Router or a TCP proxy server
- Sending data through a TCP proxy server to the BlackBerry Infrastructure
- Installing a standalone BlackBerry Router
Connecting BlackBerry UEM to Microsoft Azure
Linking company directory groups to BlackBerry UEM groups
Obtaining an APNs certificate to manage iOS and macOS devices
Configuring BlackBerry UEM for DEP
Configuring BlackBerry UEM to support Android Enterprise devices
Simplifying Windows 10 activations
- Integrating UEM with Azure Active Directory join
  - Integrate UEM with Azure Active Directory join
- Configuring Windows Autopilot in Microsoft Azure
  - Create a Windows Autopilot deployment profile in Azure
  - Import Windows Autopilot devices to Azure
Configuring BlackBerry UEM Cloud to support BlackBerry Dynamics apps
Configuring an on-premises BEMS in a BlackBerry UEM Cloud environment
Migrating users, devices, groups, and other data from a source server

Install and configure the
BlackBerry Connectivity Node

Download the installation and activation files for the BlackBerry Connectivity Node .

Open the

BlackBerry Connectivity Node

installation file (.exe) that you downloaded from the management console.

If a

Windows

message appears and requests permission to make changes to the computer, click

Yes

Choose your language. Click

Click

Select your country or region. Read and accept the license agreement. Click

The installation program verifies that your computer meets the installation requirements. Click

To change the installation file path, click

...

and navigate to the file path that you want to use. Click

Install

When the installation completes, click

The address of the

BlackBerry Connectivity Node

console is displayed (http:/localhost:8088). Click the link and save the site in your browser.

Select your language. Click

When you activate the

BlackBerry Connectivity Node

, it sends data over port 443 (HTTPS) to the

BlackBerry Infrastructure

(<region>.bbsecure.com). After it is activated, the

BlackBerry Connectivity Node

uses port 3101 (TCP) for all other outbound connections through the

BlackBerry Infrastructure

. If you want to send data from the

BlackBerry Connectivity Node

through an existing proxy server behind your organization's firewall, click

Click here to configure the proxy settings for your organization’s environment

, select the

Proxy server

option, and do any of the following:

To send activation data through a proxy server, in the

Enrollment proxy

fields, type the FQDN or IP address and the port number of the proxy server. The proxy server must be able to send data over port 443 to <region>.bbsecure.com. Click

Save

To send other outbound connections from the components of the

BlackBerry Connectivity Node

through a proxy server, in the appropriate fields, type the FQDN or IP address and the port number of the proxy server. The proxy server must be able to send data over port 3101 to <region>.bbsecure.com. Click

Save

In the

Friendly name

field, type a name for the

BlackBerry Connectivity Node

. Click

Click

Browse

. Select the activation file that you downloaded from the management console.

Click

Activate

If you want to add a

BlackBerry Connectivity Node

instance to an existing server group when you activate it, your organization's firewall must allow connections from that server over port 443 through the

BlackBerry Infrastructure

(<region>.bbsecure.com) to activate the

BlackBerry Connectivity Node

and to the same bbsecure.com region as the main

BlackBerry Connectivity Node

instance.

In the drop-down list, click the type of company directory that your organization uses.

Click

Configure

Follow the steps for your organization’s directory type:

Directory type	Steps
Microsoft Active Directory	In the Username field, type the username of the Microsoft Active Directory account. In the Domain field, type the FQDN of the domain that hosts Microsoft Active Directory . For example, domain.example.com. In the Password field, type the password of the Microsoft Active Directory account. In the Domain controller discovery drop-down list, click one of the following: If you want to use automatic discovery, click Automatic . If you want to specify the domain controller computer, click Select from list below . Click + and type the FQDN of the computer. Repeat this step to add more computers. In the Global catalog search base field, type the search base that you want to access (for example, OU=Users,DC=example,DC=com). To search the entire Global Catalog, leave the field blank. In the Global catalog discovery drop-down list, click one of the following: If you want to use automatic catalog discovery, click Automatic . If you want to specify the catalog computer, click Select from list below . Click + and type the FQDN of the computer. If necessary, repeat this step to specify more computers. If you want to enable support for linked Microsoft Exchange mailboxes, in the Support for linked Microsoft Exchange mailboxes drop-down list, click Yes . To configure the Microsoft Active Directory account for each forest that you want BlackBerry UEM Cloud to access, in the List of account forests section, click . Specify the forest name, user domain name (the user can belong to any domain in the account forest), username, and password. Click Save .
LDAP directory	In the LDAP server discovery drop-down list, click one of the following: If you want to use automatic discovery, click Automatic . In the DNS domain name field, type the DNS domain name. If you want to specify the LDAP computer, click Select server from list below . Click + and type the FQDN of the computer. Repeat this step to add more computers. In the Enable SSL drop-down list, select whether you want to enable SSL authentication for LDAP traffic. If you click Yes , click Browse and select the SSL certificate for the LDAP computer. In the LDAP port field, type the port number of the LDAP computer. In the Authorization required drop-down list, select whether BlackBerry UEM Cloud must authenticate with the LDAP computer. If you click Yes , type the username and password of the LDAP account. The username must be in DN format (for example, CN=Megan Ball,OU=Sales,DC=example,DC=com). In the Search base field, type the search base that you want to access (for example, OU=Users,DC=example,DC=com). In the LDAP user search filter field, type the filter that you want to use for LDAP users. For example: (&(objectCategory=person)(objectclass=user)(memberOf=CN=Local,OU=Users,DC=example,DC=com)). In the LDAP user search scope drop-down list, click one of the following: If you want user searches to apply to all levels below the base DN, click All levels . If you want to limit user searches to one level below the base DN, click One level . In the Unique identifier field, type the attribute for each user’s unique identifier (for example, uid). The attribute must be immutable and globally unique for every user. In the First name field, type the attribute for each user’s first name (for example, givenName). In the Last name field, type the attribute for each user’s last name (for example, sn). In the Login attribute field, type the attribute for each user’s login attribute (for example, cn). This attribute is used for the value that users type to log in to BlackBerry UEM Self-Service with their directory credentials. In the Email address field, type the attribute for each user’s email (for example, mail). In the Display name field, type the attribute for each user’s display name (for example, displayName). To enable directory-linked groups, select the Enable directory-linked groups check box. For more information about directory-linked groups, see Linking company directory groups to BlackBerry UEM groups. Click Save .

Directory type

Steps

Microsoft Active Directory

In the

Username

field, type the username of the

Microsoft Active Directory

account.

In the

Domain

field, type the FQDN of the domain that hosts

Microsoft Active Directory

. For example, domain.example.com.

In the

Password

field, type the password of the

Microsoft Active Directory

account.

In the

Domain controller discovery

drop-down list, click one of the following:

If you want to use automatic discovery, click

Automatic

If you want to specify the domain controller computer, click

Select from list below

. Click

and type the FQDN of the computer. Repeat this step to add more computers.

In the

Global catalog search base

field, type the search base that you want to access (for example, OU=Users,DC=example,DC=com). To search the entire Global Catalog, leave the field blank.

In the

Global catalog discovery

drop-down list, click one of the following:

If you want to use automatic catalog discovery, click

Automatic

If you want to specify the catalog computer, click

Select from list below

. Click

and type the FQDN of the computer. If necessary, repeat this step to specify more computers.

If you want to enable support for linked

Microsoft Exchange

mailboxes, in the

Support for linked Microsoft Exchange mailboxes

drop-down list, click

Yes

To configure the

Microsoft Active Directory

account for each forest that you want

BlackBerry UEM Cloud

to access, in the

List of account forests

section, click The Add icon

. Specify the forest name, user domain name (the user can belong to any domain in the account forest), username, and password.

Click

Save

LDAP directory

In the

LDAP server discovery

drop-down list, click one of the following:

If you want to use automatic discovery, click

Automatic

. In the

DNS domain name

field, type the DNS domain name.

If you want to specify the LDAP computer, click

Select server from list below

. Click

and type the FQDN of the computer. Repeat this step to add more computers.

In the

Enable SSL

drop-down list, select whether you want to enable SSL authentication for LDAP traffic. If you click

Yes

, click

Browse

and select the SSL certificate for the LDAP computer.

In the

LDAP

port field, type the port number of the LDAP computer.

In the

Authorization required

drop-down list, select whether

BlackBerry UEM Cloud

must authenticate with the LDAP computer. If you click

Yes

, type the username and password of the LDAP account. The username must be in DN format (for example, CN=Megan Ball,OU=Sales,DC=example,DC=com).

In the

Search base

field, type the search base that you want to access (for example, OU=Users,DC=example,DC=com).

In the

LDAP user search filter

field, type the filter that you want to use for LDAP users. For example: (&(objectCategory=person)(objectclass=user)(memberOf=CN=Local,OU=Users,DC=example,DC=com)).

In the

LDAP user search scope

drop-down list, click one of the following:

If you want user searches to apply to all levels below the base DN, click

All levels

If you want to limit user searches to one level below the base DN, click

One level

In the

Unique identifier

field, type the attribute for each user’s unique identifier (for example, uid). The attribute must be immutable and globally unique for every user.

In the

First name

field, type the attribute for each user’s first name (for example, givenName).

In the

Last name

field, type the attribute for each user’s last name (for example, sn).

In the

field, type the attribute for each user’s login attribute (for example, cn). This attribute is used for the value that users type to log in to

BlackBerry UEM Self-Service

with their directory credentials.

In the

Email address

field, type the attribute for each user’s email (for example, mail).

In the

Display name

field, type the attribute for each user’s display name (for example, displayName).

To enable directory-linked groups, select the

Enable directory-linked groups

check box. For more information about directory-linked groups, see Linking company directory groups to BlackBerry UEM groups.

Click

Save

In the management console, click

Settings > External integration > BlackBerry Connectivity Node setup

In the

Step 4: Test connection

section, click

To view the status of a

BlackBerry Connectivity Node

instance, in the management console, on the menu bar, click

Settings > External integration > BlackBerry Connectivity Node status

To install a second

BlackBerry Connectivity Node

instance for redundancy, download another set of installation and activation files and repeat this task on a different computer. Use the same directory configuration. This should be done after the first instance has been activated.

If necessary, configure proxy settings for the

BlackBerry Connectivity Node

. For instructions, see Configuring the BlackBerry Connectivity Node to use the BlackBerry Router or a TCP proxy server.

To change the directory settings that you configured, in the

BlackBerry Connectivity Node

console (http:/localhost:8088), click

General settings > Company directory

. Click

for the directory connection.