Skip Navigation

Process flow: Certificate enrollment using a PKI connector

Process flow for certificate enrollment using a PKI connector
  1. The 
    BlackBerry UEM
     administrator creates and configures a user credential profile to obtain client certificates for 
    BlackBerry Dynamics
     apps from the enterprise CA using the organization’s PKI connector. The administrator assigns the profile to the user.
  2. The user installs and activates a 
    BlackBerry Dynamics
     app. The 
    BlackBerry Dynamics Runtime
     sends a request to 
     for a PKI certificate.
  3. UEM
     calls the PKI connector to request the certificate.
  4. The PKI connector carries out any custom logic that the organization requires (for example, a user password, smart card authentication, or monitoring of certificate requests) and requests the certificate from the enterprise CA.
  5. The CA provides the certificate (key-pair) to the PKI connector.
  6. The PKI connector provides the certificate to 
  7. UEM
     provides the certificate to the 
    BlackBerry Dynamics
  8. The app receives the certificate and uses it for different purposes, for example, to authenticate with the server when prompted, or to sign an email or document.