Skip Navigation

Using
Kerberos

BlackBerry Dynamics
apps support both
Kerberos
PKINIT with PKI certificates and
Kerberos
Constrained Delegation. Kerberos PKINIT and
Kerberos
Constrained Delegation are distinct implementations of
Kerberos
. You can support one or the other for
BlackBerry Dynamics
apps, but not both.
With
Kerberos
PKINIT, authentication occurs directly between the
BlackBerry Dynamics
app and the
Windows
Key Distribution Center (KDC). User authentication is based on certificates that are issued by
Microsoft Active Directory
Certificate Services. No additional programming is required by the app developer to use
Kerberos
PKINIT.
With
Kerberos
Constrained Delegation, authentication is based on a trust relationship between the management server (
BlackBerry UEM
or standalone
Good Control
) and a KDC. The management server communicates with the service on behalf of the app.
For more information about how to configure the desired
Kerberos
implementation in
UEM
, including requirements and prerequisites, see Configuring Kerberos for BlackBerry Dynamics apps in the
UEM Administration Guide
.
For more information about configuring the desired
Kerberos
implementation in
Good Control
, see the Good Control and Good Proxy Admin Help and Kerberos Constrained Delegation with Good Control.