BlackBerry Cylance Multi Tenant Console User Guide
- June 8, 2024
- BlackBerry
Table of Contents
- What is the Cylance Multi-Tenant Console?
- Supported browsers for the Cylance Multi-Tenant Console
- Signing into the Cylance Multi-Tenant Console
- View and manage your account
- Creating partner users in the Cylance Multi-Tenant Console
- Managing tenants in the Cylance Multi-Tenant Console
- Managing device policies from the Cylance Multi-Tenant Console
- Using linked policy templates
- Generating an API token for the Cylance Multi-Tenant Console
- Legal notice
- References
- Read User Manual Online (PDF format)
- Download This Manual (PDF format)
Cylance Multi-Tenant Console
Administration Guide
What is the Cylance Multi-Tenant Console?
Cylance Endpoint Security detects, protects against, and remediates threats on
an organization’s devices using an AI-powered solution for Zero Trust across
devices, networks, apps, and people. The Zero Trust approach modernizes
network security while simultaneously enhancing and improving the network
experience for end users. The Zero Trust security model trusts nothing and no
one by default, including users inside the work network. For more information
about Cylance Endpoint Security, see the Cylance Endpoint Security
documentation.
The Cylance Multi-Tenant Console integrates the security capabilities of
Cylance Endpoint Security services into an environment that centralizes your
tenant management activities. From the console, you can create and manage the
tenants you support, their users, and device policies. Each tenant resides in
its own environment within the console, which makes it easy for you to switch
from one tenant to another.
Supported browsers for the Cylance Multi-Tenant Console
Item | Requirements |
---|---|
Browser | • Latest version of: |
• Google Chrome
• Mozilla Firefox
• Microsoft Edge
Signing into the Cylance Multi-Tenant Console
If your organization is new to the Cylance Multi-Tenant Console, BlackBerry will send an email invitation to an administrator account that you’ve provided with a link to create a sign-in password. When this administrator signs in to the console, they can create users for your organization. Console users receive an email invitation with a link to create a password for their account. They can then sign in at https://admin.cylance.com and use their work email address as their username.
Configuring single sign-on for the Cylance Multi-Tenant Console
The Cylance Multi-Tenant Console supports single sign-on (SSO) user
authentication with any identity provider (IdP) that uses SAML 2.0.
For more information about single sign-on, visit
support.blackberry.com to read KB66452.
Configure SAML for the Cylance Multi-Tenant Console
- In the Cylance Multi-Tenant Console, hover over and click Account Overview.
- Under Authentication Settings, click .
- Turn on Enable SSO.
- In the Provider drop-down list, click your IdP provider. If your IdP is not listed, click Custom.
- In the X.509 certificate field, paste your X.509 certificate information. Include —–BEGIN CERTIFICATE—– before the certificate text and—–END CERTIFICATE—– after it.
- In the Login URL field, paste the login URL provided by the IdP.
- Click .
Use SSO to log in to the Cylance Multi-Tenant Console
After you configure the Cylance Multi-Tenant Console to use your IdP
authentication, users in your organization can then login using SSO.
- Visit https://admin.cylance.com/#/auth/external-login.
- In the Email field, type your work email address.
- In the Region drop-down list, click the appropriate region.
- Click Sign In.
- On the IdP authentication page, specify your IdP username and password.
- Click Sign In.
Configure SAML using an IDP
You can configure SSO for the Cylance Multi-Tenant Console using any IDP that
supports SAML 2.0. When you configure SSO, type the information listed below
in the appropriate fields.
Field | User input |
---|---|
Entity ID, Issuer, Application name | CylancePROTECTMulti-TenantConsole |
Field | User input |
Sign-on URL, SAML response URL |
Configure an ADFS trust
When you configure a relying party trust, type the information listed below in
the appropriate fields.
Field | User input |
---|---|
Relying Party Identifier | Cylance Multi-Tenant Console |
Turn off password login to enable single sign-on
With single sign-on (SSO) enabled, you might need to turn off the option for
administrators to log in to the Cylance Multi-Tenant Console using an email
address and password. For security purposes, an organization may require their
users to log in using an external identity provider only.
- In the Cylance Multi-Tenant Console, hover over and click Account Overview.
- In the Authentication Settings section, click .
- Turn off Password Login.
- Click .
Using time-based one-time password authentication
You can configure Cylance Multi-Tenant Console to work with a multi-factor authentication app and use a timebased one-time password as a second-factor authentication method. After you enable time-based one-time password authentication, when a user logs in to the console for the first time, they will be provided with a QR code that allows them to enroll with a multi-factor authentication app such as Google Authenticator, Microsoft Authenticator, Okta Verify, or Authy.
Configure time-based one-time password authentication
- In the Multi-Tenant Console, hover-over and select Account Overview.
- Under Authentication Settings, click .
- Click the Time-based OTP option. Note that you must enable the Password Login setting first.
- In the Time-Step Window section, select a number of intervals in the drop-down list. Any code within the window is valid if it precedes or follows the expected code by the number of refresh intervals that you specify. The refresh interval is 30 seconds, and the default setting is 1.
- Click Save.
Disable time-based one-time password authentication for a user
You can disable time-based one-time password authentication for individual
users.
- In the Multi-Tenant Console, click Partner Users.
- On the Partner Users tab, click for the user you want to edit.
- Disable the time-based one-time password authentication option for the user.
Note: If the user was enrolled with time-based one-time password before you disable it, the user to continue using their previous enrollment with the multi-factor authentication app when you re-enable it.
View which users are configured to use time-based one-time password
authentication
On the Partner Users page, in the OTP column, you can see which user is
enabled for time-based one-time password authentication. Note that you can
filter on the OTP column.
Enroll with multi-factor authentication
The first time users log in to the console after you have enabled time-based
one-time password authentication, they will be asked to enroll with a multi-
factor authentication app using a QR code.
- On the Multi-Tenant Console sign-in page, enter your credentials.
- Click Continue.
- Open your organization’s authentication app on your device, and on the Multi-factor enrollment page, scan the QR code.
- In the One time password field, enter the six digit code that is displayed in your organization’s authentication app on your device.
- Click Sign in.
Note: You can click Skip for now up to three times to sign in without entering a one-time password.
Sign in to the Multi-tenant console using a one-time password
- On the Multi-Tenant Console log in page, enter your credentials.
- Click Continue.
- In the One time password field, enter the six digit code that displays on your device in your organization’s authentication app.
- Click Sign in.
Regenerate the enrollment secret for a user
You can regenerate the enrollment secret for a user that has already enrolled
with time-based one-time password authentication. After you regenerate the
secret, the user will need to re-enroll with an authentication app the next
time that they log in to the console.
- In the Multi-Tenant Console, click Partner Users.
- On the Partner Users tab, click the edit icon for the user you want to regenerate the enrollment secret for.
- Click Regenerate enrollment secret.
- Click Regenerate.
View and manage your account
- In the Cylance Multi-Tenant Console, hover over .
- Do any of the following:
Task | Steps |
---|---|
Update your password. | a. Click My Profile. |
b. Type your current password.
c. Type your new password.
d. Click Update Password.
View the audit log.| a. Click Audit Log.
The audit log lists all user activity from your console.
View your account information.| a. Click Account Overview.
The Account Overview page provides information about your multitenant account,
billing information, and a list of partner users who can access your console’s
information.
Download product usage .csv files.| a. Click Account Overview.
b. On the Product Usage tab, click Download CSV for the appropriate
billing cycle.
Creating partner users in the Cylance Multi-Tenant Console
You can create other Cylance Multi-Tenant Console users that are known as
partner users. You can assign a partner user to one or more tenants that they
can manage.
You can assign a role to a partner user that defines the level of access that
is granted to the user. Users that are assigned the administrator role can
create and manage tenants, create tenant users, and create and manage console
users. Partner read-only users have read-only access to the tenants that are
assigned to them and they can’t make changes to tenants.
Partner administrators can’t disable CylanceOPTICS, CylancePERSONA, or
CylanceGATEWAY services after they have been enabled for a tenant. They will
have to contact BlackBerry Support to disable these services.
Create a partner user
When you create a partner user, an invitation is sent to the user’s email address. The invitation includes a link that allows them to create a password for their console’s account.
- In the Cylance Multi-Tenant Console, on the menu bar, click Partner Users.
- On the Partner Users tab, click Add Partner User.
- Specify the required information.
- In the Select A Role drop-down list, click the appropriate role for the partner user.
- Click Save & Finish.
After you finish:
- To edit a partner user, on the Partner Users page, click . Click Save & Finish.
- To reset a partner user password, on the console’s login page, click Forgot Password? Specify the required information and click Send Reset Link. The partner user will receive an email with a link to reset their password.
- To delete a partner user, on the Partner Users page, click beside the partner user that you want to delete.
Click Confirm.
Create and customize partner roles
In the Cylance Multi-Tenant Console, you can create new user roles using custom permission sets. This allows you to create roles with customized access to the console’s features.
- In the Cylance Multi-Tenant Console, click Partner Users.
- On the Roles and Permissions tab, click Add Role.
- Type a role name.
- Select permissions for the role. For more information about the available permissions, see Permissions for user roles.
- Click Save New Role.
After you finish:
• To edit a partner role, on the Roles and Permissions tab, click beside the role that you want to modify. Click Save Role.
• To delete a partner role, on the Roles and Permissions tab, click beside the role that you want to delete. Click Confirm.
Permissions for user roles
Tenant
These permissions relate to the tenant in the Cylance Multi-Tenant Console
that the user is assigned to.
Permission | Description |
---|---|
Shutdown tenants | This permission allows users to shutdown a tenant. |
View tenant list | This permission allows users to view a list of tenants in |
the console.
Read tenant details| This permission allows users to read the tenant details,
such as tenant information, purchase information, licensing, and evaluation
EULA.
Add or modify tenant details| This permission allows users to create or modify
tenants in the console.
Policy template
These permissions relate to the policy template in the Cylance Multi-Tenant
Console.
Permission | Description |
---|---|
Read policy template details | This permission allows users to read the policy |
template details, including the policy settings.
View policy template list| This permission allows users to view a list of
policy templates in the console.
Add or modify policy template
information| This permission allows users to create or modify policy templates
in the console.
Delete policy templates| This permission allows users to delete policy
templates in the console.
Report
These permissions relate to the Cylance Multi-Tenant Console reports.
Permission | Description |
---|---|
Read report details and report lists | This permission allows users to read the |
console reports.
Add or modify report information| This permission allows users to create or
modify reports in the console.
Delete report| This permission allows users to delete a report from the
console.
Partner-App
These permission relate to the use of API integrations with partner apps in
the Cylance Multi-Tenant Console.
Permission | Description |
---|---|
List partner-app API integration details | This permission allows users to list |
partner-app API integration details in
the console.
Read partner-app API integration details| This permission allows users to read
partner-app API integration details in the console.
Add or modify partner-app API integrations| This permission allows users to
add or modify partner-app API integrations in the console.
Delete partner-app API integrations| This permission allows users to delete
partner-app API integrations in the console.
Ghost-Login
These permissions relate to the Ghost-Login feature in the Cylance Multi-
Tenant Console.
Permission | Description |
---|---|
Ghost-login as tenant user | This permission allows a partner to log in with |
the user’s account as if they were a tenant user, even if the user is assigned
a different user role. The console will log the email address of the partner
who logs in as the user.
Ghost-login as tenant admin| This permission allows a partner to log in with
the user’s account as if they were a tenant administrator, even if the user is
assigned a different user role. The console will log the email address of the
partner who logs in as the user.
Ghost-login as tenant zone manager| This permission allows a partner to log in
with the user’s account as if they were a tenant zone manager, even if the
user is assigned a different user role. The console will log the email address
of the partner who logs in as the user.
Ghost-login as tenant read only| This permission allows users to log in with
the user’s account as if they were a tenant read only user, even if the user
is assigned a different user role. The console will log the email address of
the partner who logs in as the user.
Partner
These permissions relate to partner users in the Cylance Multi-Tenant Console.
Permission | Description |
---|
Ability to approve creation of
tenants| This permission allows users to approve the creation of tenants.
View partner list| This permission allows users to view the partner list.
Read partner details| This permission allows users to read partner details.
Add or modify partner information| This permission allows users to add or
modify partner information.
Delete partners| This permission allows users to delete partners.
User
These permissions relate to the users associated to a tenant in the Cylance
Multi-Tenant Console.
Permission | Description |
---|---|
View user list | This permission allows users to view a list of users in the |
console.
Read user details| This permission allows users to read user information.
Add or modify user information| This permission allows users to create or
modify users in the console.
Delete users| This permission allows users to delete users from the console.
Role
These permissions relate to the roles in the Cylance Multi-Tenant Console.
Permission | Description |
---|---|
View role list | This permission allows users to view list of roles in the |
console.
Read role details| This permission allows users to read role information.
Add or modify role information| This permission allows users to create or
modify roles in the console.
Delete roles| This permissions allows users to delete roles from the console.
Managing tenants in the Cylance Multi-Tenant Console
In the Cylance Multi-Tenant Console, a tenant represents a customer’s organization. Each tenant in the console resides in an independent customer environment with its own associated devices. After you create a tenant in the console, you can create tenant users and assign them to the appropriate tenant. If one or more Cylance Endpoint Security services cannot be successfully enabled in the tenant, an error icon displays in the status column. Tenants with an evaluation license (a trial license) have 60 days to manually convert to a customer license. Sixty days after the tenant creation date, the tenant will automatically be converted to a customer license. Fourteen days before the automated license conversion, an icon will appear next to the tenant’s name to remind the tenant about the pending conversion.
Create a tenant
-
In the Cylance Multi-Tenant Console, click Tenants > Add New tenant.
-
In the Tenant name field, type the name for the tenant.
-
Optionally, in the Unique admin email field, type the email address of the tenant user.
-
Optionally, in the Custom Domain field, type a custom domain name to make it easier for your users to access the tenant.
-
In the Tenant Address section, specify the tenant’s address information.
-
In the Tenant Features section, choose the features or services that you want to turn on for the tenant.
-
In the Enter Licensing Details section, specify the total number of licenses granted for each service.
The CylancePROTECT license count is required when you add licenses to a tenant. By default, only CylancePROTECT is enabled for the tenant. To turn on additional services such as CylanceOPTICS, CylancePERSONA, and CylanceGATEWAY, in the Tenant Services section, turn on the desired services. If a service cannot be successfully enabled in a tenant, an error icon displays under the service. -
If you want to turn on additional CylanceOPTICS services, under Tenant Services, turn on Optics v2. Choose the features that you want to turn on.
-
Click Save & Finish.
Tenant creation is an asynchronous process that prevents you from making edits to the tenant until the process is complete.
After you finish:
• To view a list of your customers’ tenants, click the Active Tenants tab.
• To edit a tenant, on the Active Tenants tab, click the tenant that you want to edit. Click beside the section that you want to edit. To save your changes, click .
Manage tenant threats from a global list
You can view the policies, zones, devices, agent versions, and tenant users
for the tenants you manage, which allows you to help manage your customers’
organizations and assist with troubleshooting.
You can add a file to the global quarantine list to block it from all devices
in a tenant, and you can add a file to the global safelist to allow it on all
devices in the tenant.
- In the Cylance Multi-Tenant Console, on the menu bar, click Tenants.
- On the Active Tenants tab, click a tenant.
- On the Threats tab, click the threat that you want to take action on.
- To add a threat to the global quarantine list, click Globally Quarantine. To add the threat to the global safelist, click Globally Safelist.
- Choose the tenants to add the threat to their global quarantine list.
- Click Next.
- Type a reason for adding this to the global quarantine list or global safelist.
- Click Next.
- Click Globally Quarantine or Globally Safelist.
After you finish:
- To remove an item from the global quarantine list, on the Active Tenants tab, click a tenant. On the Quarantine List tab, choose the files that you want to remove. Click Remove Selected > Yes, Remove from List.
- To remove an item from the global safelist, on the Active Tenants tab, click a tenant. On the Safelist tab, choose the files that you want to remove. Click Remove Selected > Yes, Remove from List.
Create tenant users
As a Cylance Multi-Tenant Console administrator, you can add tenant users,
which represent the employees within an organization. When you add a tenant
user, they will receive an invitation email message to create a password and
set up their account.
- In the Cylance Multi-Tenant Console, on the menu bar, click Tenants.
- On the Active Tenants tab, click a tenant that you want to add a user to.
- On the Tenant Users tab, click Add Tenant User.
- Specify the tenant user’s first name, last name, and email address.
- Click Save & Finish.
After you finish:
• To edit a tenant user, on the Active Tenants tab, click the tenant that the tenant user belongs to. On the Tenant Users tab, click beside the tenant user. Click Save & Finish.
• To delete a tenant user, on the Active Tenants tab, click the tenant that the tenant user belongs to. On the Tenant Users tab, click beside the tenant user that you want to delete. Click Confirm.
Use support login to log in as a tenant or tenant user
Support login, also known as ghost login, allows you to conveniently log in to
a tenant’s Cylance console as the tenant or as a tenant user to manage their
account. With support login, you don’t need a password to access a tenant or
tenant user’s Cylance console. You can only view and modify what their
permissions allow.
The user’s audit log will show that you logged in to the Cylance console as
the user.
Before you begin: To use the support login feature, contact a tenant
administrator to verify that support login is enabled in the tenant’s Cylance
console. On the menu bar, the administrator should click Settings >
Application and confirm that Enable Support Login is selected.
- In the Cylance Multi-Tenant Console, on the menu bar, click Tenants.
- Do one of the following:
Task | Steps |
---|---|
Use support login to login as a tenant | a. On the Active Tenants tab, click |
beside the tenant you want to log in as.
b. Click Confirm.
Use support login to login as a tenant user| a. On the Active Tenants tab,
click the tenant.
b. On the Tenant Users tab, click beside the user you want to log in as.
c. Click Confirm.
You will be taken directly to the Cylance console using the tenant or tenant user’s account.
Shut down a tenant
If a customer’s license to the Cylance console expires, you can shut down the tenant, which removes their access to the Cylance console. Because the agents will no longer communicate with the Cylance console, they will display a message stating that the user will need an installation token to connect to the console. After you shut down a tenant, you cannot recover the tenant’s data unless you turn on the 7-day grace period. This grace period allows you to cancel the shutdown and it gives the tenant time to renew their Cylance licenses.
- In the Cylance Multi-Tenant Console, on the menu bar, click Tenants.
- On the Active Tenants tab, click the tenant that you want to shut down.
- Click Shut Down Tenant.
- Do one of the following:
Action| Description
---|---
Turn off the 7-day grace period.| • The tenant will be removed from your system and you won’t be
able to recover its data. The process may take up to 24 hours to
complete.
Turn on the 7-day grace period.| • The tenant will be removed after the 7-day grace period. After the grace period ends, the tenant is removed and you won’t be able to recover its data.
• During the grace period, you can cancel the shutdown by clicking Tenants > Pending > Cancel Shutdown. - Click Shut down tenant.
Managing device policies from the Cylance Multi-Tenant Console
A device policy defines how the CylancePROTECT agent handles malware it
detects on a user’s device. A device policy is also used to enable and
configure other services, including CylanceOPTICS and CylancePERSONA Desktop.
Every device must be assigned a device policy. If you do not assign a custom
policy to a device, the device is assigned the default policy.
The device policy templates allow you to configure and customize policy
settings, apply them to new and existing tenants, and manage device policy
assignments for all tenants directly from the Cylance Multi-Tenant Console.
Policy template actions are recorded in the console audit log, which includes
the user who performed the action and the time of the action.
Policy template role permissions allow you to grant console users access to
the policy template. Enabling a policy template permission does not
automatically enable any dependencies. For example, if you enable the read
policy template details permission, you must also enable the view policy
template list permission. For more information, see Create and customize
partner roles.
Note that there is no automated synchronization between the device policy
template and the tenant policies. If you update the template, you will have to
re-apply the template to a tenant.
Step | Action |
---|---|
1 | Create a device policy template. |
2 | Apply a device policy template to a tenant. |
3 | Assign a device policy to a device. |
Create a device policy template
You can create device policy templates to apply to your customers’ tenants. This feature can streamline customer onboarding, product enablement, and the implementation process.
-
In the Cylance Multi-Tenant Console, on the menu bar, click Settings > Add New Template.
-
Type a name for the template.
-
Configure the device policy settings.
For more information about device policy settings and description. see Device policy settings. -
Click Save & Finish.
After you finish: Apply a device policy template to a tenant.
Apply a device policy template to a tenant
To assign the same device policy to multiple devices in a tenant, you will
first need to apply the device policy template to the tenant that those
devices belong to.
Before you begin: Create a device policy template.
- In the Cylance Multi-Tenant Console, on the menu bar, click Tenants.
- On the Active Tenants page, click a tenant.
- On the Policies tab, click Apply a Policy Template.
- Select one or more policy templates to assign to the tenant. You can use keywords to filter the policy templates.
- Click Apply.
After you finish: Assign a device policy to a device.
Assign a device policy to a device
After you assign a device policy template to a customer’s tenant, you can
apply the device policy to devices that belong to that tenant. You can apply a
device policy to multiple devices, but a device can only have one policy.
Before you begin: Apply a device policy template to a tenant.
- In the Cylance Multi-Tenant Console, click Tenants.
- On the Active Tenants tab, click a tenant.
- On the Devices tab, select the devices that you want the device policy to apply to.
- Click Assign Policy.
- Select a policy to apply to the devices.
- Click Assign Policy.
Device policy settings
Cylance Endpoint Security administrators use device policies to configure and
define the behavior of the CylancePROTECT Desktop agent, the CylanceOPTICS
agent, and the CylancePERSONA Desktop agent on users’ devices.
For more information about each device policy setting, see the Device policy
documentation.
Using linked policy templates
You can create a linked policy template and link it to all of your tenants or to a subset of your tenants. If you make a change to a setting in one of the linked policy templates, that change applies to all of the tenants that use the policy. This allows you to quickly make changes to multiple tenants instead of updating each tenant separately.
Create a linked policy template
A linked policy template allows you to select a set of options that you can apply to multiple tenants simultaneously.
-
In the Cylance Multi-Tenant Console, click Settings > Linked Policy Templates.
-
Click Add New Template.
-
Type a name for the template.
-
Turn on the Default Template option if you want the linked policy template to override the policy template in your linked tenants.
Note that after you set a policy template as a default template, it remains linked with the tenant’s default policies and cannot be modified. -
Click the options in the left-hand menu and select the settings that you want to apply to the linked policy template.
-
Click Create.
Link a linked policy template with multiple tenants
You can link a linked policy template with multiple tenants, which allows you
to make a change to the linked policy and update all of the tenants that you
have linked with the policy simultaneously.
For a non-default linked template, when the linking request creates a new
policy in all tenants selected for linking, an email message with linking
status details is sent to the administrator. For a default linked template,
when the linking operation updates the default policy in all tenants selected
for linking, an email message with linking status details is sent to the
administrator.
- In the Cylance Multi-Tenant Console, click Settings > Linked Policy Template.
- Click the linked policy template that you want to link.
- Click Linked Tenants.
- Click Link Tenant.
- Select the tenants that you want to link the policy template to, or use the search field to find the tenants and add them.
- Click Link Tenant.
Note that while linking is taking place, you cannot make any changes to the associated template.
Unlink a linked policy template from tenants
When a linked policy template is unlinked from selected tenants, the
corresponding policy in the linked tenant is not deleted.
- In the Cylance Multi-Tenant Console, click Settings > Linked Policy Templates > Linked Tenants.
- Select the tenants that you want to unlink the linked policy template from.
- Click Unlink Tenant > Unlink.
Update a linked policy template
When a linked policy template is updated, the corresponding policy in any
linked tenants is updated. If you have made changes to a linked policy in the
tenant directly, those changes will be overwritten. For a non-default linked
template, when the linking operation finishes updating the linked policy in
all linked tenants, an email message with linking status details is sent to
the administrator. For a default linked template, when the linking operation
finishes updating the default policy in all linked tenants, an email message
with linking status details is sent to the administrator.
-
In the Cylance Multi-Tenant Console, click Settings > Linked Policy Templates.
-
Click the template that you want to update.
-
Make your changes.
Note that after you set a policy template as a default template, it remains linked with the tenant’s default policies and cannot be modified. -
Click Save.
Delete a linked policy template
You cannot delete templates that are linked with a tenant. You must remove
them from the tenant first.
- In the Cylance Multi-Tenant Console, click Settings > Linked Policy Templates.
- Select the templates that you want to remove.
- Click Delete.
- Click Remove Template.
Create a report
You can use the reports feature to produce custom reports that collect data
from across the tenants that you manage.
- In the Cylance Multi-Tenant Console, on the menu bar, click Reports.
- On the Reports tab, click Create Report.
- Type a report name.
- From the Report Type drop-down list, select one of the following reports:
Report type| Description
---|---
Audit Log| This report logs actions performed in the console.
Account Data| This report includes information about the tenant.
Partner User| This report includes information about partner users and roles.
Tenant Devices| This report includes information about tenant devices.
Tenant Detections| This report includes information about detected threats.
Tenant User| This report includes user information and information about roles
across all tenants.
Policy Details| This report includes information about device policy settings. - In the Report Fields section, select the report fields that you want to apply to the report.
- In the Report Filters section, add a filter and configure its parameters.
- If you want to run the report on a schedule, turn on Schedule Report and do one of the following:
Action| Steps
---|---
Run the report once on a specific
date.| a. Click One-Time.
b. Set the date you want the report to run on.
Run the report on a regular basis.| a. Click Recurring.
b. Set the frequency you want the report to run on.
c. Set the start date of the report, the date the report will run on, and the date the report will end on. - Do one of the following:
• To save the report and run it immediately, click Save and Run Report.
• To save the report without running it, click Save & Finish.
After you finish:
- To view and download recently generated reports, on the Reports page, click Recently Run.
- To edit a report, on the Reports tab, click beside the report that you want to edit. To save your changes, click Save and Run Report or Save & Finish.
Report filters
Report filters that require filter text
Filter | Description |
---|---|
Contains | The data that is returned from this filter contains the contents |
that you type into the filter text field.
For example, if you type “ol” into the Contains filter text field, “policy” is
included in the report, but “template” is excluded from the report.
Does not contain| The data that is returned from this filter does not contain
the contents that you type into the filter text field.
For example, if you type “po” into the Does not contain filter text field,
“partner” is included in the report, but “policy” is excluded from the report.
Ends with| The data that is returned from this filter ends with the contents
that you type into the filter text field.
For example, if you type “ing” into the Ends with filter text field,
“reporting” is included in the report, but “reported” is excluded from the
report.
In| With this filter, you can select the type of content that you want to
include in the report, such as usernames and actions.
Is equal| The data that is returned from this filter match the contents that
you type into the filter text field.
Is not equal| The data that is returned from this filter does not match the
contents
that you type into the filter text field.
Starts with| The data that is returned from this filter start with the
contents that you type into the filter text field.
For example, if you type “po” into the Starts with filter text field, “policy”
is
included from the report, but “partner” is excluded from the report.
Report filters for counts and dates
Filter | Description |
---|---|
Greater than | For counts or for filters that use an integer, the data that is |
greater than the number that you specify is included in the report. For dates,
the data that is newer than the selected date is included in the report.
Greater than or equal| For counts or for filters that use an integer, the data
that is greater than or equal to the number that you specify is included in
the report. For dates, the data that is newer than or equal to the selected
date is included in the report.
Filter| Description
---|---
Is equal| For counts or for filters that use an integer, the data that is
equal to the number that you specify is included in the report. For dates, the
data that has the same date as the selected date is included in the report.
Is not equal| For counts or filters that use an integer, the data that is not
equal to the number that you specify is included in the report. For dates, the
data that has a date that is not the same as the selected date is included in
the report.
Less than| For counts or for filters that use an integer, the data that is
less than the number that you specify is included in the report. For dates,
the data that is older than the selected date is included in the report.
Less than or equal| For counts or for filters that use an integer, the data
that is less than or equal to the number that you specify is included in the
report. For dates, the data that is older than or equal to the selected date
is included in the report.
Generating an API token for the Cylance Multi-Tenant Console
The Cylance Multi-Tenant Console API allows you to generate an API token,
access policy templates, and administer tenants.
To learn about how to create a partner application, generate a bearer token,
and make an API health check, see the Cylance MTC Partner API Documentation.
There, you will find a downloadable JSON file that contains examples of the
console’s API that you can import into Postman. If you use other API software,
you can copy the API requests directly from the API webpage.
Legal notice
© 2022 BlackBerry Limited. Trademarks, including but not limited to
BLACKBERRY, BBM, BES, EMBLEM Design, ATHOC, CYLANCE and SECUSMART are the
trademarks or registered trademarks of BlackBerry Limited, its subsidiaries
and/or affiliates, used under license, and the exclusive rights to such
trademarks are expressly reserved. All other trademarks are the property of
their respective owners.
This documentation including all documentation incorporated by reference
herein such as documentation provided or made available on the BlackBerry
website provided or made accessible “AS IS” and “AS AVAILABLE” and without
condition, endorsement, guarantee, representation, or warranty of any kind by
BlackBerry Limited and its affiliated companies (“BlackBerry”) and BlackBerry
assumes no responsibility for any typographical, technical, or other
inaccuracies, errors, or omissions in this documentation. In order to protect
BlackBerry proprietary and confidential information and/or trade secrets, this
documentation may describe some aspects of BlackBerry technology in
generalized terms. BlackBerry reserves the right to periodically change
information that is contained in this documentation; however, BlackBerry makes
no commitment to provide any such changes, updates, enhancements, or other
additions to this documentation to you in a timely manner or at all.
This documentation might contain references to third-party sources of
information, hardware or software, products or services including components
and content such as content protected by copyright and/or thirdparty websites
(collectively the “Third Party Products and Services”). BlackBerry does not
control, and is not responsible for, any Third Party Products and Services
including, without limitation the content, accuracy, copyright compliance,
compatibility, performance, trustworthiness, legality, decency, links, or any
other aspect of Third Party Products and Services. The inclusion of a
reference to Third Party Products and Services in this documentation does not
imply endorsement by BlackBerry of the Third Party Products and Services or
the third party in any way.
EXCEPT TO THE EXTENT SPECIFICALLY PROHIBITED BY APPLICABLE LAW IN YOUR
JURISDICTION, ALL CONDITIONS, ENDORSEMENTS, GUARANTEES, REPRESENTATIONS, OR
WARRANTIES OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION, ANY
CONDITIONS, ENDORSEMENTS, GUARANTEES, REPRESENTATIONS OR WARRANTIES OF
DURABILITY, FITNESS FOR A PARTICULAR PURPOSE OR USE, MERCHANTABILITY,
MERCHANTABLE QUALITY, NON-INFRINGEMENT, SATISFACTORY QUALITY, OR TITLE, OR
ARISING FROM A STATUTE OR CUSTOM OR A COURSE OF DEALING OR USAGE OF TRADE, OR
RELATED TO THE DOCUMENTATION OR ITS USE, OR PERFORMANCE OR NON-PERFORMANCE OF
ANY SOFTWARE, HARDWARE, SERVICE, OR ANY THIRD PARTY PRODUCTS AND SERVICES
REFERENCED HEREIN, ARE HEREBY EXCLUDED. YOU MAY ALSO HAVE OTHER RIGHTS THAT
VARY BY STATE OR PROVINCE. SOME JURISDICTIONS MAY NOT ALLOW THE EXCLUSION OR
LIMITATION OF IMPLIED WARRANTIES AND CONDITIONS. TO THE EXTENT PERMITTED BY
LAW, ANY IMPLIED WARRANTIES OR CONDITIONS RELATING TO THE DOCUMENTATION TO THE
EXTENT THEY CANNOT BE EXCLUDED AS SET OUT ABOVE, BUT CAN BE LIMITED, ARE
HEREBY LIMITED TO NINETY (90) DAYS FROM THE DATE YOU FIRST ACQUIRED THE
DOCUMENTATION OR THE ITEM THAT IS THE SUBJECT OF THE CLAIM.
TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW IN YOUR JURISDICTION, IN NO
EVENT SHALL BLACKBERRY BE LIABLE FOR ANY TYPE OF DAMAGES RELATED TO THIS
DOCUMENTATION OR ITS USE, OR PERFORMANCE OR NON-PERFORMANCE OF ANY SOFTWARE,
HARDWARE, SERVICE, OR ANY THIRD PARTY PRODUCTS AND SERVICES REFERENCED HEREIN
INCLUDING WITHOUT LIMITATION ANY OF THE FOLLOWING DAMAGES: DIRECT,
CONSEQUENTIAL, EXEMPLARY, INCIDENTAL, INDIRECT, SPECIAL, PUNITIVE, OR
AGGRAVATED DAMAGES, DAMAGES FOR LOSS OF PROFITS OR REVENUES, FAILURE TO
REALIZE ANY EXPECTED SAVINGS, BUSINESS INTERRUPTION, LOSS OF BUSINESS
INFORMATION, LOSS OF BUSINESS OPPORTUNITY, OR CORRUPTION OR LOSS OF DATA,
FAILURES TO TRANSMIT OR RECEIVE ANY DATA, PROBLEMS ASSOCIATED WITH ANY
APPLICATIONS USED IN CONJUNCTION WITH BLACKBERRY PRODUCTS OR SERVICES,
DOWNTIME COSTS, LOSS OF THE USE OF BLACKBERRY PRODUCTS OR SERVICES OR ANY
PORTION THEREOF OR OF ANY AIRTIME SERVICES, COST OF SUBSTITUTE GOODS, COSTS OF
COVER, FACILITIES OR SERVICES, COST OF CAPITAL, OR OTHER SIMILAR PECUNIARY
LOSSES, WHETHER OR NOT SUCH DAMAGES WERE FORESEEN OR UNFORESEEN, AND EVEN IF
BLACKBERRY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW IN YOUR JURISDICTION,
BLACKBERRY SHALL HAVE NO OTHER OBLIGATION, DUTY, OR LIABILITY WHATSOEVER IN
CONTRACT, TORT, OR OTHERWISE TO YOU INCLUDING ANY LIABILITY FOR NEGLIGENCE OR
STRICT LIABILITY.
THE LIMITATIONS, EXCLUSIONS, AND DISCLAIMERS HEREIN SHALL APPLY: (A)
IRRESPECTIVE OF THE NATURE OF THE CAUSE OF ACTION, DEMAND, OR ACTION BY YOU
INCLUDING BUT NOT LIMITED TO BREACH OF CONTRACT, NEGLIGENCE, TORT, STRICT
LIABILITY OR ANY OTHER LEGAL THEORY AND SHALL SURVIVE A FUNDAMENTAL BREACH OR
BREACHES OR THE FAILURE OF THE ESSENTIAL PURPOSE OF THIS AGREEMENT OR OF ANY
REMEDY CONTAINED HEREIN; AND (B) TO BLACKBERRY AND ITS AFFILIATED COMPANIES,
THEIR SUCCESSORS, ASSIGNS, AGENTS, SUPPLIERS (INCLUDING AIRTIME SERVICE
PROVIDERS), AUTHORIZED BLACKBERRY DISTRIBUTORS (ALSO INCLUDING AIRTIME SERVICE
PROVIDERS) AND THEIR RESPECTIVE DIRECTORS, EMPLOYEES, AND INDEPENDENT
CONTRACTORS.
IN ADDITION TO THE LIMITATIONS AND EXCLUSIONS SET OUT ABOVE, IN NO EVENT SHALL
ANY DIRECTOR, EMPLOYEE, AGENT, DISTRIBUTOR, SUPPLIER, INDEPENDENT CONTRACTOR
OF BLACKBERRY OR ANY AFFILIATES OF BLACKBERRY HAVE ANY LIABILITY ARISING FROM
OR RELATED TO THE DOCUMENTATION.
Prior to subscribing for, installing, or using any Third Party Products and
Services, it is your responsibility to ensure that your airtime service
provider has agreed to support all of their features. Some airtime service
providers might not offer Internet browsing functionality with a subscription
to the BlackBerry Internet Service. Check with your service provider for
availability, roaming arrangements, service plans and features. Installation
or use of Third Party Products and Services with BlackBerry’s products and
services may require one or more patent, trademark, copyright, or other
licenses in order to avoid infringement or violation of third party rights.
You are solely responsible for determining whether to use Third Party Products
and Services and if any third party licenses are required to do so. If
required you are responsible for acquiring them. You should not install or use
Third Party Products and Services until all necessary licenses have been
acquired. Any Third Party Products and Services that are provided with
BlackBerry’s products and services are provided as a convenience to you and
are provided “AS IS” with no express or implied conditions, endorsements,
guarantees, representations, or warranties of any kind by BlackBerry and
BlackBerry assumes no liability whatsoever, in relation thereto. Your use of
Third Party Products and Services shall be governed by and subject to you
agreeing to the terms of separate licenses and other agreements applicable
thereto with third parties, except to the extent expressly covered by a
license or other agreement with BlackBerry.
The terms of use of any BlackBerry product or service are set out in a
separate license or other agreement with BlackBerry applicable thereto.
NOTHING IN THIS DOCUMENTATION IS INTENDED TO SUPERSEDE ANY EXPRESS WRITTEN
AGREEMENTS OR WARRANTIES PROVIDED BY BLACKBERRY FOR PORTIONS OF ANY BLACKBERRY
PRODUCT OR SERVICE OTHER THAN THIS DOCUMENTATION.
BlackBerry Enterprise Software incorporates certain third-party software. The
license and copyright information associated with this software is available
at http://worldwide.blackberry.com/legal/thirdpartysoftware.jsp.
BlackBerry Limited
2200 University Avenue East
Waterloo, Ontario
Canada N2K 0A7
BlackBerry UK Limited
Ground Floor, The Pearce Building, West Street,
Maidenhead, Berkshire SL6 1RL
United Kingdom
Published in Canada
References
Read User Manual Online (PDF format)
Read User Manual Online (PDF format) >>