Skip Navigation

Setting up single sign-on authentication for devices

Using a single sign-on profile, you can enable 
BlackBerry 10
 devices and certain 
 devices to authenticate automatically with domains and web services in your organization’s network. After you assign a single sign-on profile, the user is prompted for a username and password the first time they try to access a secure domain that you specified. The login information is saved on the user’s device and used automatically when the user tries to access any of the secure domains specified in the profile. When the user changes the password, the user is prompted the next time they try to access a secure domain.
You can also use a single sign-on profile to specify trusted domains for certificates that you send to 
BlackBerry 10
 devices using a SCEP profile. Once you specify trusted domains, 
BlackBerry 10
 users can select the required certificates when they access a trusted domain.
Single sign-on profiles support the following authentication types:
Authentication type
Device OS
Applies to
  • Kerberos
  • Browser and apps
  • Can restrict which apps can use the profile
BlackBerry 10 OS
  • Browser and apps in the work space
  • NTLM
  • specify trusted domains for SCEP certificates
BlackBerry 10 OS
  • Browser and apps in the work space
BlackBerry Dynamics
 apps also support 
 authentication. For more information, see Configuring Kerberos for BlackBerry Dynamics apps.