Configuring software tokens for
BlackBerry devices
The BlackBerry Enterprise Server is designed to work with the RSA Authentication Manager to provide software token
support for use with layer 2 and layer 3 Wi-Fi authentication on Wi-Fi enabled BlackBerry devices.
When you configure a software token for users, BlackBerry devices are designed to use the passcode to authenticate the
users to the Wi-Fi network and VPNs automatically using the PEAPv1, EAP-GTC, and EAP-TTLS or EAP-GTC authentication
methods.
You can configure multiple software tokens for each user. For example, you can configure one software token that a user
can use with Wi-Fi authentication and a second software token that a user can use with VPN authentication. When users try
to open a Wi-Fi or VPN connection that requires two-factor authentication on the BlackBerry devices, the BlackBerry
devices prompt the users to type the software token PIN and submit the current tokencode for the connection type to
create the passcode for two-factor authentication.
For more information about how the BlackBerry Enterprise Server supports software tokens, see the
BlackBerry Enterprise
Solution Security Technical Overview
.
Prerequisites: Configuring BlackBerry
devices for RSA authentication
To perform tasks in the RSA Authentication Manager, see the RSA Authentication Manager documentation, and the
documentation for the RSA SecurID token.
• In the RSA Authentication Manager, configure the following policies for the PINs of the software tokens in your
organization's environment:
• whether a PIN is required for authentication
• whether a PIN is defined by the user or generated by the RSA Authentication Manager
• whether a PIN is alphanumeric or numeric only
• whether a PIN has a fixed length or a variable length, with a minimum of four characters and a maximum of eight
characters
21
Administration Guide
Configuring software tokens for BlackBerry devices
262