Skip Navigation

Configuring
Kerberos
authentication for
BlackBerry Dynamics
apps

In a
BlackBerry UEM
on-premises environment,
BlackBerry Dynamics
apps support
Kerberos
Constrained Delegation (KCD) and
Kerberos
PKINIT. You can support KCD or
Kerberos
PKINIT for
BlackBerry Dynamics
apps, but not both.
Kerberos
authentication
Description
KCD
KCD allows users to access enterprise resources without having to enter their network credentials. KCD uses service tickets that are encrypted and decrypted by keys that do not contain the user’s credentials.
When you configure KCD, the
BlackBerry Dynamics
app delegates authentication to
UEM
to act on its behalf to request access to a work resource. You can limit the network resources that are accessible to users by configuring the account that
UEM
uses to be trusted only for specific services.
For example, if KCD is not configured and an app requests a resource like mypage.mydomain.com, the app prompts the user for credentials. When KCD is configured, the
BlackBerry Dynamics
infrastructure handles authentication and the user is not prompted for credentials.
Kerberos
PKINIT
Kerberos
PKINIT authentication establishes trust directly between the
BlackBerry Dynamics
app and the
Windows
KDC. User authentication is based on certificates issued by Microsoft Active Directory Certificate Services.