Management system user authentication settings
You can manage user authentication settings for the desktop app in the BlackBerry AtHoc management console.
To update user authentication settings, complete the following steps:
- Log in to the BlackBerry AtHoc management console as an administrator.
- In the navigation bar, click the
(Settings) icon. - In the Users section, clickUser Authentication.
- Select the options you want according to the guidelines below.
- ClickSave.
Enable authentication methods
Select the check boxes to enable the following authentication methods for the desktop app:
- LDAP Attribute
- Smart Card
- Username and Password
- Windows Authentication (select either Username or Domain and Username)
Assign authentication methods to applications
In the User Authentication section, the items available in the Authentication Method list are determined by the options selected in the Enable Authentication Methods section.
- LDAP AttributeSelectLDAP attributefrom the Authentication Method list and provide an Attribute. The desktop app queries this attribute directly from the signed-in user's directory profile and sends it to the server.This option enables the desktop app to authenticate with an Active Directory attribute that the administrator chooses. This option allows the desktop app to operate while sending less user information to the server. When this option is selected, the desktop app does not send Windows usernames or domain names in SO and CU query strings.Select theCreate new user if an account is not foundcheck box to configure the desktop app to create a user at SO if the user does not already exist.This option requires desktop app version 6.2.x.271 or later.
- Smart CardSelectSmart Cardfrom the Authentication Method list to enable smart card authentication. Select the number of client certificates to collect. The recommended value is 3.Select theCreate new user if an account is not foundcheck box to configure the desktop app to create a user at SO if the user does not already exist.
- Defer to Self ServiceSelectDefer to Self Servicefrom the Authentication Method list to configure the desktop app to use the user authentication method selected for Self Service. When this method is selected, end users will see a login window. When the user clicks Log In, they are redirected to Self Service to complete the sign in process. This process depends on the authentication method selected by the administrator.If the Self Service authentication method is set to Username and Password, the users sees a registration window and must provide their first name, last name, username, password, confirm their password, and fill in a captcha. The user has the option to register as a new user or to sign in with their existing user credentials.If the Self Service authentication method is set to SmartCard, the user sees a certificate selection screen and must pick a certificate. They may also be required to enter a PIN.If the Self Service authentication type is set to Windows Authentication, the user sees a Windows credentials screen and must provide their username and password.If the Self Service authentication method is set to External URL, the user is sent to a configured external URL for Single Sign On (SSO).
- Windows AuthenticationSelectWindows Authenticationfrom the Authentication Method list to configure the desktop app to use only the user's Windows username or Windows username and domain. The Windows username is passed in parameter 05 during SO. See Appendix B: Desktop client URL parameters for more information about SO parameters.Select theCreate new user if an account is not foundcheck box to configure the desktop app to create a user at SO if the user does not already exist. New users are created with their Windows username as their username. If the Domain and Username option is selected in the Enable Authentication Methods section, the user is created with “DOMAIN\username” as Username, Mapping ID, First Name, Last Name, and Display Name.