User authentication

BlackBerry UEM
 and standalone 
Good Control
 offer the following options to adjust the user experience for accessing 
BlackBerry Dynamics
 apps.
Fingerprint and biometric authentication
Various forms of biometric authentication are supported by the 
BlackBerry Dynamics
 SDK, including fingerprint authentication and 
Samsung Pass
 for 
Android
, and 
Touch ID
 and 
Face ID
 for 
iOS
. The 
BlackBerry UEM
 or standalone 
Good Control
 administrator can use a 
BlackBerry Dynamics
 profile (
UEM
) or a security policy (
Good Control
) to enable biometric authentication. Contact your organization’s administrator to enable and configure these features.
See Requirements and support for platform-specific features for more information about supporting 
Samsung Pass
 and 
Face ID
Authentication delegation
The 
BlackBerry UEM
 or standalone 
Good Control
 administrator can configure up to three 
BlackBerry Dynamics
 apps on users’ devices to act as an authentication delegate (a primary, secondary, and tertiary delegate). When a user opens any 
BlackBerry Dynamics
 app, the device will display the login screen of the authentication delegate app. After the user logs in successfully, all of the 
BlackBerry Dynamics
 apps on the device are unlocked. The user does not need to enter a password again until the idle timeout is reached.
If you want your custom 
BlackBerry Dynamics
 app to be an authentication delegate, the 
UEM
 or standalone 
Good Control
 administrator must specify the app package ID (
Android
) or bundle ID (
iOS
) in the 
BlackBerry Dynamics
 app settings in the management console. Contact your organization’s administrator to provide this information. For instructions for specifying the package ID or bundle ID for an app, see Manage settings for a BlackBerry Dynamics app in the 
UEM Administration Guide
.
The administrator configures one or more authentication delegate using a 
BlackBerry Dynamics
 profile (
UEM
) or a security profile (
Good Control
). It is a best practice to configure the most commonly used app as the authentication delegate. Contact your organization’s administrator to configure one or more authentication delegates.
If the administrator configures a secondary authentication delegate, the administrator must notify users that if they delete the primary authentication delegate app, the user must unlock the secondary delegate app and set the app password again so that it can be used to authenticate any additional 
BlackBerry Dynamics
 apps. The same requirement applies if a tertiary delegate is configured and the primary and secondary delegate apps are deleted.
Do not require a password
Enabled using a 
BlackBerry Dynamics
 profile (
UEM
) or security policy (
Good Control
), this setting removes the password login for 
BlackBerry Dynamics
 apps. Users cannot choose whether to use a password.
Do not enable authentication delegation and this setting in the same profile or policy set. This feature is supported in 
UEM
 12.7 or later and 
Good Control
 3.0.50.70 or later. If the setting is enabled and then disabled at a later date, users are prompted to create a password the next time they log in to a 
BlackBerry Dynamics
 app.
You can use the GDAndroid.getInstance().canAuthorizeAutonomously() or [GDiOS sharedInstance].canAuthorizeAutonomously method to check if this feature is enabled. See the GDInteraction sample app (Android) or the SecureStore sample app (iOS) for examples of this method.
Bypass the app unlock screen
Enabled in the 
UEM Client
 settings for a specific 
BlackBerry Dynamics
 app (
UEM
) or by using an app policy (
Good Control
), this setting allows an app to completely bypass the password login screen.
For more information and programming guidance, see the Bypass Unlock Developer Guide.