BlackBerry Persona Mobile Administration Guide

BlackBerry Persona Mobile

Administration Guide

2020-11-19Z

||2

Persona Mobile software requirements.............................................................4

Using the BlackBerryPersona Analytics Portal................................................. 6

Steps to configure and use Persona Mobile......................................................7

Enable Persona Mobile in your UEM domain...................................................................................................... 7

Assign theBlackBerry Personaadministrator role to an administrator.............................................................8

Specify how long Persona Mobile retainsdata...................................................................................................8

Customize therisk engines................................................................................................................................... 9

Createuser groups to define security standards for different risk levels....................................................... 10

Create a BlackBerry Dynamics override profile................................................................................................. 10

Add trusted or untrusted IP addresses.............................................................................................................. 11

Define geozones...................................................................................................................................................11

Create a BlackBerry Persona policy................................................................................................................... 12

RankBlackBerry Personapolicies...........................................................................................................14

Resolving conflicting assignments and precedence rules.................................................................... 14

Assign a BlackBerry Persona policy to users and groups................................................................................15

Create a BlackBerry Enterprise Identity authentication policy..........................................................................16

Change theoperating mode................................................................................................................................17

Guidelines for developing risk models....................................................................................................17

View user and event statistics........................................................................ 19

Developing apps that leverageBlackBerry Persona.........................................20

Legal notice.................................................................................................... 21

||iii

Persona Mobile software requirements

Requirement Description

BlackBerry UEM BlackBerry Persona Mobile is supported in:

• BlackBerry UEM Cloud

• BlackBerry UEM version 12.13

You must purchase BlackBerry Persona licenses to enable the service for users. Contact your BlackBerry representative or complete a contact form for more information.

After BlackBerry applies the licenses, see Enable Persona Mobile in your UEM

domain.

For more information about configuring and managing UEM, see the

BlackBerry UEM documentation.

BlackBerry Persona entitlement

Enforcing BlackBerry 2FA authentication

After BlackBerry Persona licenses are added for your organization, you will receive a BlackBerry Persona entitlement. The entitlement information that you will see in the management console is:

• App name: BlackBerry Persona entitlement

• BlackBerry Dynamics entitlement ID: com.blackberry.entitlement.geoanalytics

You must assign this entitlement to BlackBerry Dynamics appusers so that Persona can receive and process behavioral and location data from the apps. You can assign the entitlement to all users, specific user groups, or specific user accounts based on your organization's needs. After assigning the entitlement, it may take up to 24 hours for the accounts and data to be ready.

If you want to use BlackBerry Enterprise Identity authentication profiles to enforce BlackBerry 2FA authentication, you must enable BlackBerry 2FA for users' devices.For more information, see Steps to manage BlackBerry 2FA in

BlackBerry UEM in the BlackBerry 2FA Administration content.

|Persona Mobile software requirements|4

Requirement Description

BlackBerry Dynamics apps with the BlackBerry Analytics SDK

Device connections to the Persona services

Use the following versions of BlackBerry Dynamics appsto ensure that the apps have the required versions of the BlackBerry Dynamics SDK and the BlackBerry Analytics SDK:

• BlackBerry Work version 3.2 or later

• BlackBerry Tasks version 3.2 or later

• BlackBerry Notes version 3.2 or later

• BlackBerry Connect version 3.2 or later

• BlackBerry Access version 3.1 or later

• BlackBerry UEM Client for iOS (latest)

• BlackBerry UEM Client for Android (latest)

For more information about adding and distributing BlackBerry Dynamics apps in a UEM domain, see Managing BlackBerry Dynamics apps.

Note: Within the settings of each BlackBerry Dynamics app, users can enable or disable Persona (by default, it is enabled). If it is disabled, Protect cannot collect data and events from the app. Encourage users to enable this setting to ensure that Persona can build and use an accurate risk model.

For optimal performance, BlackBerry recommends permitting a direct connection between devices and the Persona services.In the BlackBerry Dynamics connectivity profiles that are assigned to users, in the App server section, add the BlackBerry Persona entitlement.Add the following app servers:

• receiver.analytics.blackberry.com

• discovery.bis.blackberry.com

• scoring.bissanalytics.blackberry.com

• service.bis.blackberry.com

• actor.ca1.bis.blackberry.com

For each app server, specify port 443, primary priority, and a direct connection.

Alternatively, you can manage device connections to theservices using other configuration options available in the BlackBerry Dynamics connectivity profile. For more information, see Create a BlackBerry Dynamics connectivity

profile in the UEM Administration content.

|Persona Mobile software requirements|5

Using the BlackBerryPersona Analytics Portal

You configure and manage BlackBerry Persona using a browser-based console known as the BlackBerryPersona Analytics Portal. Persona administrators can use one of the following methods to access the portal:

• Browse to https://personaanalytics.blackberry.com/<Organization_SRP_ID>

• In the UEM management console, on the menu bar,click BlackBerry Persona > Analytics.

You use the UEM management console to enable BlackBerry Persona and to assign Persona administrator roles

to users.You perform all other configuration and management tasks in the portal.

By default, privacy mode is enabled in the portal to mask exact information about user locations fromadministrators. While enabled, the portal displays general location information for users and events instead of precise information such as a street address. Similarly, map views are zoomed out to provide accurate but nonintrusive location information.An administrator with the Persona Administrator role can disable (or re-enable) privacy mode in Settings > General settings > Privacy mode (this action is written to the log file). Administrators with the Persona Analytics Administrator role cannot change the privacy mode.

|Using the BlackBerryPersona Analytics Portal|6

Steps to configure and use Persona Mobile

The tasks in this section must be completed by a UEM administrator with the Security Administrator role.

Step Action

Enable Persona Mobile in your UEM domain.

Assign theBlackBerry Personaadministrator role to an administrator.

Optional customization:

• Specify how long Persona Mobile retainsdata

• Customize therisk engines

Create UEM user groups that you will associate with risk levels.

Optional: Define geozones to enforce security standards for specific locations.

Create a BlackBerry Persona policy.

Assign a BlackBerry Persona policy to users and groups.

Create a BlackBerry Enterprise Identity authentication policy to set the authentication

requirements for different risk levels.Assign the policy to users and groups.

Change theoperating mode.

View user and event statistics.

Enable Persona Mobile in your UEM domain

Before you begin:

• Contact your BlackBerry representative to purchase Persona Mobile licenses. After BlackBerry adds the licenses for your organization, complete the steps below.

• If you decide to use BlackBerry Persona in trial mode before you purchase licenses, follow the instructions provided by BlackBerry to enable the feature in a new or existing UEM instance. If you set up a new UEM instance, see the UEM documentation for installation and configuration instructions. After your trial period ends, you can purchase and add BlackBerry Persona licenses to the UEM domain.

|Steps to configure and use Persona Mobile|7

+ 15 hidden pages

BlackBerry Persona Mobile Administration Guide

Contents

Persona Mobile software requirements

Steps to configure and use Persona Mobile

Enable Persona Mobile in your UEM domain