BlackBerry Persona Mobile Administration Guide
BlackBerry Persona Mobile
Administration Guide
2020-11-19Z
| | 2
Contents
Persona Mobile software requirements............................................................. |
4 |
Using the BlackBerry Persona Analytics Portal................................................. |
6 |
Steps to configure and use Persona Mobile...................................................... |
7 |
Enable Persona Mobile in your UEM domain...................................................................................................... |
7 |
Assign the BlackBerry Persona administrator role to an administrator............................................................. |
8 |
Specify how long Persona Mobile retains data................................................................................................... |
8 |
Customize the risk engines................................................................................................................................... |
9 |
Create user groups to define security standards for different risk levels....................................................... |
10 |
Create a BlackBerry Dynamics override profile................................................................................................. |
10 |
Add trusted or untrusted IP addresses.............................................................................................................. |
11 |
Define geozones................................................................................................................................................... |
11 |
Create a BlackBerry Persona policy................................................................................................................... |
12 |
Rank BlackBerry Persona policies........................................................................................................... |
14 |
Resolving conflicting assignments and precedence rules.................................................................... |
14 |
Assign a BlackBerry Persona policy to users and groups................................................................................ |
15 |
Create a BlackBerry Enterprise Identity authentication policy.......................................................................... |
16 |
Change the operating mode................................................................................................................................ |
17 |
Guidelines for developing risk models.................................................................................................... |
17 |
View user and event statistics........................................................................ |
19 |
Developing apps that leverage BlackBerry Persona......................................... |
20 |
Legal notice.................................................................................................... |
21 |
| | iii
Persona Mobile software requirements
Requirement |
Description |
|
|
BlackBerry UEM |
BlackBerry Persona Mobile is supported in: |
|
• BlackBerry UEM Cloud |
|
• BlackBerry UEM version 12.13 |
|
You must purchase BlackBerry Persona licenses to enable the service for |
|
users. Contact your BlackBerry representative or complete a contact form for |
|
more information. |
|
After BlackBerry applies the licenses, see Enable Persona Mobile in your UEM |
|
domain. |
|
For more information about configuring and managing UEM, see the |
|
BlackBerry UEM documentation. |
|
|
BlackBerry Persona |
After BlackBerry Persona licenses are added for your organization, you will |
entitlement |
receive a BlackBerry Persona entitlement. The entitlement information that |
|
you will see in the management console is: |
|
• App name: BlackBerry Persona entitlement |
|
• BlackBerry Dynamics entitlement ID: |
|
com.blackberry.entitlement.geoanalytics |
|
You must assign this entitlement to BlackBerry Dynamics app users so that |
|
Persona can receive and process behavioral and location data from the |
|
apps. You can assign the entitlement to all users, specific user groups, or |
|
specific user accounts based on your organization's needs. After assigning |
|
the entitlement, it may take up to 24 hours for the accounts and data to be |
|
ready. |
|
|
Enforcing BlackBerry 2FA |
If you want to use BlackBerry Enterprise Identity authentication profiles to |
authentication |
enforce BlackBerry 2FA authentication, you must enable BlackBerry 2FA for |
|
users' devices. For more information, see Steps to manage BlackBerry 2FA in |
|
BlackBerry UEM in the BlackBerry 2FA Administration content. |
|
|
| Persona Mobile software requirements | 4
|
Requirement |
Description |
|
|
|
|
|
|
|
|
BlackBerry Dynamics apps |
Use the following versions of BlackBerry Dynamics apps to ensure that the |
|
|
|
with the BlackBerry Analytics |
apps have the required versions of the BlackBerry Dynamics SDK and the |
|
|
|
SDK |
BlackBerry Analytics SDK: |
|
|
|
|
• BlackBerry Work version 3.2 or later |
|
|
|
|
• BlackBerry Tasks version 3.2 or later |
|
|
|
|
• BlackBerry Notes version 3.2 or later |
|
|
|
|
• BlackBerry Connect version 3.2 or later |
|
|
|
|
• BlackBerry Access version 3.1 or later |
|
|
|
|
• BlackBerry UEM Client for iOS (latest) |
|
|
|
|
• BlackBerry UEM Client for Android (latest) |
|
|
|
|
For more information about adding and distributing BlackBerry Dynamics apps |
|
|
|
|
in a UEM domain, see Managing BlackBerry Dynamics apps. |
|
|
|
|
Note: Within the settings of each BlackBerry Dynamics app, users can enable |
|
|
|
|
or disable Persona (by default, it is enabled). If it is disabled, Protect cannot |
|
|
|
|
collect data and events from the app. Encourage users to enable this setting |
|
|
|
|
to ensure that Persona can build and use an accurate risk model. |
|
|
|
|
|
|
|
|
Device connections to the |
For optimal performance, BlackBerry recommends permitting a direct |
||
|
Persona services |
connection between devices and the Persona services. In the BlackBerry |
||
|
|
Dynamics connectivity profiles that are assigned to users, in the App server |
||
|
|
section, add the BlackBerry Persona entitlement. Add the following app |
||
|
|
servers: |
||
|
|
• |
receiver.analytics.blackberry.com |
|
|
|
• |
discovery.bis.blackberry.com |
|
|
|
• |
scoring.bissanalytics.blackberry.com |
|
|
|
• |
service.bis.blackberry.com |
|
|
|
• |
actor.ca1.bis.blackberry.com |
|
For each app server, specify port 443, primary priority, and a direct connection.
Alternatively, you can manage device connections to the services using other configuration options available in the BlackBerry Dynamics connectivity profile. For more information, see Create a BlackBerry Dynamics connectivity profile in the UEM Administration content.
| Persona Mobile software requirements | 5
Using the BlackBerry Persona Analytics Portal
You configure and manage BlackBerry Persona using a browser-based console known as the BlackBerry Persona Analytics Portal. Persona administrators can use one of the following methods to access the portal:
•Browse to https://personaanalytics.blackberry.com/<Organization_SRP_ID>
•In the UEM management console, on the menu bar, click BlackBerry Persona > Analytics.
You use the UEM management console to enable BlackBerry Persona and to assign Persona administrator roles to users. You perform all other configuration and management tasks in the portal.
By default, privacy mode is enabled in the portal to mask exact information about user locations
from administrators. While enabled, the portal displays general location information for users and events instead of precise information such as a street address. Similarly, map views are zoomed out to provide accurate but nonintrusive location information. An administrator with the Persona Administrator role can disable (or re-enable) privacy mode in Settings > General settings > Privacy mode (this action is written to the log file). Administrators with the Persona Analytics Administrator role cannot change the privacy mode.
| Using the BlackBerry Persona Analytics Portal | 6
Steps to configure and use Persona Mobile
The tasks in this section must be completed by a UEM administrator with the Security Administrator role.
Step Action
Enable Persona Mobile in your UEM domain.
Assign the BlackBerry Persona administrator role to an administrator.
Optional customization:
•Specify how long Persona Mobile retains data
•Customize the risk engines
Create UEM user groups that you will associate with risk levels.
Optional: Define geozones to enforce security standards for specific locations.
Create a BlackBerry Persona policy.
Assign a BlackBerry Persona policy to users and groups.
Create a BlackBerry Enterprise Identity authentication policy to set the authentication requirements for different risk levels. Assign the policy to users and groups.
Change the operating mode.
View user and event statistics.
Enable Persona Mobile in your UEM domain
Before you begin:
•Contact your BlackBerry representative to purchase Persona Mobile licenses. After BlackBerry adds the licenses for your organization, complete the steps below.
•If you decide to use BlackBerry Persona in trial mode before you purchase licenses, follow the instructions provided by BlackBerry to enable the feature in a new or existing UEM instance. If you set up a new UEM instance, see the UEM documentation for installation and configuration instructions. After your trial period ends, you can purchase and add BlackBerry Persona licenses to the UEM domain.
| Steps to configure and use Persona Mobile | 7
Loading...