BlackBerry UEMoffers the following options to adjust the user experience for accessing
Fingerprint and biometric authentication
Various forms of biometric authentication are supported by the
BlackBerry DynamicsSDK, including fingerprint authentication and for
BlackBerry UEMadministrator can use a
BlackBerry Dynamicsprofile (
UEM) to enable biometric authentication. Contact your organization’s administrator to enable and configure these features.
For more information, see
BlackBerry Dynamicsand Fingerprint Authentication.
BlackBerry UEMadministrator can configure up to three
BlackBerry Dynamicsapps on users’ devices to act as an authentication delegate (a primary, secondary, and tertiary delegate). When a user opens any
BlackBerry Dynamicsapp, the device will display the login screen of the authentication delegate app. After the user logs in successfully, all of the
BlackBerry Dynamicsapps on the device are unlocked. The user does not need to enter a password again until the idle timeout is reached.
If you want your custom
BlackBerry Dynamicsapp to be an authentication delegate, the
UEMadministrator must specify the app package ID (
Android) or bundle ID (
iOS) in the
BlackBerry Dynamicsapp settings in the management console. Contact your organization’s administrator to provide this information. For instructions for specifying the package ID or bundle ID for an app, see Manage settings for a BlackBerry Dynamics app in the
UEM Administration Guide.
The administrator configures one or more authentication delegate using a
BlackBerry Dynamicsprofile. It is a best practice to configure the most commonly used app as the authentication delegate. Contact your organization’s administrator to configure one or more authentication delegates.
If the administrator configures a secondary authentication delegate, the administrator must notify users that if they delete the primary authentication delegate app, the user must unlock the secondary delegate app and set the app password again so that it can be used to authenticate any additional
BlackBerry Dynamicsapps. The same requirement applies if a tertiary delegate is configured and the primary and secondary delegate apps are deleted.
Do not require a password
Enabled using a
BlackBerry Dynamicsprofile, this setting removes the password login for
BlackBerry Dynamicsapps. Users cannot choose whether to use a password.
Do not enable authentication delegation and this setting in the same profile or policy set. This feature is supported in
UEM12.7 or later. If the setting is enabled and then disabled at a later date, users are prompted to create a password the next time they log in to a
You can use the GDAndroid.getInstance().canAuthorizeAutonomously() or [GDiOS sharedInstance].canAuthorizeAutonomously method to check if this feature is enabled. See the GDInteraction sample app (Android) or the SecureStore sample app (iOS) for examples of this method.
Bypass the app unlock screen
Enabled in the
UEM Clientsettings for a specific
BlackBerry Dynamicsapp (
UEM), this setting allows an app to completely bypass the password login screen.
For more information and programming guidance, see the Bypass Unlock Developer Guide.
Background Authorize for
Background Authorize is a restricted API that allows a recently locked
BlackBerry Dynamicsapp to use the principal BlackBerry Dynamics APIs (such as secure storage and secure communication) when the app is running in the background.
This feature can be useful in scenarios where the app has stopped unexpectedly and is started in the background in response to an APNS message (for example, a new email). If Background Authorize is enabled, the app can download new data and store it in the secure container. When the user brings the app to the foreground they can authorize and immediately access the data (for example, messages).
To access this restricted API, submit a request to the
BlackBerry DynamicsRegistrar program at BlackBerryDynamicsRegistrar@blackberry.com.
For more information about this feature, see the Background Authorize Developer Guide.
Background Authorize for Android
BlackBerry Dynamicsapps to background unlock, receive state callback, and use credential-protected storage. The app can use canAuthorizeAutonomously() to check if it is possible to use background unlock, and if possible, authorize with serviceInit().
The SDK supports ASWebAuthenticationSession. The
BlackBerry Dynamicsimplementation of ASWebAuthenticationSession utilizes
BlackBerry Dynamicssecure communication and secure storage for cookies. To protect enterprise credentials from being stored in the
iOSkeychain, the device user will not be able to use the
Safarisaved passwords feature in the embedded webview.
Initialize an instance of ASWebAuthenticationSession in your app to allow user authentication through a web service, including those operated by a third party. The page will open in a secure, embedded webview in
iOS, or the users default browser (if it supports web authentication sessions) on
macOS. For more information, see Authenticating a User Through a Web Service.