UEM Configuration

From idenprotect Knowledge Base

If you have not made any configuration changes yet, please see How to make configuration changes

Introduction

To configure the idenprotect Core Platform to connect to a UEM server, you will need to update the UEM properties. The idenprotect Core Platform supports multiple UEM server connections (if you have users on different instances).

For more information about the UEM in general, please see our UEM Guide

During the enrollment process, you can specify that a User must also enter a special One Time Passcode to complete the process. This code is emailed out to the user.


Configuring UEM

This configuration can be found in:

  • UEM Configuration section in the idenprotect Core Platform Admin Console Config Tab
  • Server file system in /etc/idenprotect/uem.properties

Parameters for UEM Server

| Parameter in Config Tab | Parameter in Properties File | Description |
|---|---|---|
| Allow Self Signed Certificates? | uem.server.allow.self.signed | This property allows the idenprotect Core Platform to connect to a UEM server that is using a self-signed certificate. If nothing is entered, this will default to true, allowing self-signed certificates. |
| Credential Profile Name | uem.user.credential.profile.name | This property should be set to the name of the UEM User Credential profile (or profiles) that will be used for the device-based certificates. By default it is set to idenprotect and will be used by idenprotect for BlackBerry to import a P12 to the BlackBerry runtime. If setting multiple Credential Profiles, each name should be separated by a comma. |
| Password | uem.server.password | This property is for the password of the UEM user that is allowed to use REST API calls. |
| Provider | uem.server.provider | The UEM Server Provider property should currently be set to "LOCAL" by default. This value may change if BlackBerry allows API calls to the UEM Cloud instances. |
| Server URL | uem.server.url | This property should be set to the UEM Server URL with the port 18084 at the end. Make sure that port 18084 is open in the firewall. The default value is set to the idenprotect UEM server https://uem-eng-001.idenprotect.net:18084/ as an example of how it should look. |
| Tenant ID | uem.server.tenant.id | The UEM Tenant ID is a unique ID for each UEM Server installation. The Tenant ID can be found on the UEM Server: log in, click the help button (top right) and choose "About BlackBerry UEM" from the drop-down menu; in the popup box, the Tenant ID is shown under SRP ID. |
| Username | uem.server.username | This property is for the username of the UEM user that is allowed to use REST API calls. |


Supporting multiple UEM instances

To set up the UEM configuration to support multiple UEM servers, please take note of the following guidance:

  • All server URLs can be entered into the Server URL property; they will need to be separated by the "." character.
  • You may use the same username/password for each UEM server. In this case, there is no need to repeat the same values separated by a "," character; enter a single username and a single password, which will be re-used for each UEM server integration.
  • Allow Self Signed Certificates is a global property and will be used for each UEM server connection.
  • Provider is also a global property and will be used for each UEM server connection.
  • All Tenant IDs can be entered into the Tenant ID property; they will need to be separated by the "." character. Note that you must enter either a single entry or the same number of entries as there are UEM servers. For example, if there are 3 UEM Server URLs (http://uem.idenprotect.com:18084/, http://uem.idenprotect1.com:18084/, http://uem.idenprotect2.com:18084/) you cannot have just 2 UEM Tenant IDs (S12345678, S87654321). If the number of Tenant IDs does not match the number of Server URLs, only the first Tenant ID will be used for each server connection.
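
A pre-deployment review of uem.properties against the parameter descriptions and multi-server rules above, as an added example (not idenprotect code). It assumes simple key=value lines and comma-separated lists, as in the example URLs and Tenant IDs above; the sample hostnames, Tenant IDs and finding codes are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample; hostnames and Tenant IDs are placeholders.
SAMPLE = """\
uem.server.url=https://uem-a.example.test:18084/,http://uem-b.example.test:18084/,https://uem-c.example.test:8443/
uem.server.tenant.id=S00000001,S00000002
"""


def parse_properties(text):
    """Parse simple key=value lines, skipping blanks and # comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props


def split_list(value):
    # Assumption: multi-value properties are comma-separated.
    return [item.strip() for item in value.split(",") if item.strip()]


def review(props):
    """Return a list of (code, detail) findings for a parsed uem.properties."""
    findings = []
    # Per the page, an empty value defaults to true (self-signed accepted).
    if props.get("uem.server.allow.self.signed", "").lower() in ("", "true"):
        findings.append(("SELF_SIGNED_ALLOWED", "global: applies to every UEM connection"))
    urls = split_list(props.get("uem.server.url", ""))
    for url in urls:
        parts = urlsplit(url)
        if parts.scheme != "https":
            findings.append(("NOT_HTTPS", url))  # API credentials would travel unencrypted
        if parts.port != 18084:
            findings.append(("UNEXPECTED_PORT", url))  # the page specifies port 18084
    tenants = split_list(props.get("uem.server.tenant.id", ""))
    # Page rule: one Tenant ID or one per URL; otherwise only the first is used.
    if tenants and len(tenants) not in (1, len(urls)):
        findings.append(("TENANT_COUNT_MISMATCH",
                         f"{len(tenants)} IDs for {len(urls)} URLs; only {tenants[0]} is used"))
    return findings


if __name__ == "__main__":
    for code, detail in review(parse_properties(SAMPLE)):
        print(f"{code}: {detail}")
```

Run it against a copy of the properties file before saving changes; an empty result means none of the four checks fired.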


Testing the UEM Connection

At the bottom of the UEM Configuration page (which can be found by navigating to CONFIG -> UEM Configuration) there is a UEM Connection Test button. It allows you to test the configuration before committing the changes, and to re-test after they have been saved.