Skip Navigation

BlackBerry Dynamics
profile settings

BlackBerry Dynamics
profiles
are supported on the following device types:
  • iOS
  • macOS
  • Android
  • Windows
BlackBerry Dynamics
profile setting
Description
Configuration
Require device management to use
BlackBerry Dynamics
apps
This setting specifies whether a device must be activated with MDM to use
BlackBerry Dynamics
apps.
Enable UEM Client to enroll in
BlackBerry Dynamics
If a device is using the
BlackBerry UEM Client
, this setting specifies whether the
BlackBerry Dynamics
manages the activation of
BlackBerry Dynamics
apps and whether
BlackBerry Dynamics
apps can be used on the device. If this option is not selected,
BlackBerry Dynamics
apps could be removed from the device because the device will not be enabled for
BlackBerry Dynamics
. If you do not plan to use
BlackBerry Dynamics
in your environment, do not select this setting.
Password
Password expiration
This setting specifies whether the password for a
BlackBerry Dynamics
app expires and the number of days a password remains valid before it expires.
Do not allow previous passwords
This setting specifies whether previous passwords can be used and the maximum number of previous passwords that cannot be used for a
BlackBerry Dynamics
app.
Minimum password length
This setting specifies the minimum length of the password for a
BlackBerry Dynamics
app.
Allowed occurrences of a character
This setting specifies how many times a character can appear in a password for a
BlackBerry Dynamics
app.
Require both letters and numbers
This setting specifies whether the password must contain both letters and numbers for a
BlackBerry Dynamics
app.
Require both uppercase and lowercase
This setting specifies whether the password must contain both uppercase and lowercase letters for a
BlackBerry Dynamics
app.
Require at least one special character
This setting specifies whether the password must contain at least one special character for a
BlackBerry Dynamics
app.
Do not allow sequences of more than two numbers
This setting specifies whether the password can contain more than two sequential numbers (for example,1, 2, 3) for a
BlackBerry Dynamics
app.
Do not allow more than one password change per day
This setting specifies whether a password can be changed more than once every 24 hours for a
BlackBerry Dynamics
app.
Do not allow personal information
This setting specifies whether the following personal information can be used in a password for a
BlackBerry Dynamics
app:
  • The user's first and last names (excluding initials) as recorded in
    Active Directory
  • The part of an email address before the @ sign.
Allow Biometrics
This setting specifies whether
BlackBerry Dynamics
apps can be unlocked using biometric input when they are already open in the app switcher on
iOS
devices. You can allow the following options:
  • None
  • Allow
    Touch ID
  • Allow
    Face ID
  • Allow
    Touch ID
    and
    Face ID
Enable Touch ID and Face ID from cold start
This setting specifies whether
BlackBerry Dynamics
apps can be unlocked using the selected biometric input methods when they are opened for the first time after a device restarts.
Require password to be re-entered and disable Touch ID and Face ID
This setting specifies a period of time after which users must enter a password to unlock a
BlackBerry Dynamics
app and re-enable
Touch ID
,
Face ID
, or both.
Allow
Android
biometric authentication
This setting specifies whether
BlackBerry Dynamics
apps can be unlocked using any device-supported biometric authentication method. If this option is not selected, all
Android
biometric authentication features are blocked, including fingerprint, iris, and face recognition.
Enable
Android
biometric authentication after the device or app restarts
This setting specifies whether
BlackBerry Dynamics
apps can be unlocked using biometric authentication when they are opened for the first time after a device restarts.
Require password to be re-entered and disable
Android
biometric authentication
This setting specifies a period of time after which users must enter a password to unlock a
BlackBerry Dynamics
app and re-enable
Android
biometric authentication.
Do not require password
These settings specify whether a user can access a
BlackBerry Dynamics
app without entering a password. The choices are:
  • iOS
  • macOS
  • Android
  • Windows
Blocked password list
Blocked password file (.txt)
This setting specifies a list of banned passwords. You can download the previously uploaded list of banned passwords. Passwords in the list must meet the following requirements: each password must be separated by a hard return, only UTF-8 characters are supported, and passwords must be 14 characters or less.
Lock screen
Require password when
BlackBerry Dynamics
apps start
This setting specifies whether a password is required each time a
BlackBerry Dynamics
app is started.
If you are using authentication delegation, do not select this option.
Require password after period of inactivity
This setting specifies the period of inactivity that must elapse before a password is required.
Take action after invalid password attempts
This setting specifies whether there is a limit to the number of times that a user can enter an incorrect password. If you select this rule, specify the number of times that a user can enter an incorrect password and the action that occurs after the limit has been reached. Choose one of the following actions:
  • Lock out user
  • Wipe Data
Wearables
Allow wearables
This setting specifies whether
BlackBerry Dynamics
apps can be used on a wearable device. If you select this rule, specify the how much time must elapse before the wearable device is disconnected and whether the wearable can reconnect automatically.
App authentication delegation
App
You can designate a
BlackBerry Dynamics
app to act as the authentication delegate on behalf of other other
BlackBerry Dynamics
apps so that users do not have to create a password for each
BlackBerry Dynamics
app that they install. After an authentication delegate is configured, each time a user opens a
BlackBerry Dynamics
app, the device displays the password screen for the authentication delegate instead of the app that they are attempting to open. After the user enters the password for the authentication delegate, the user can open the
BlackBerry Dynamics
app.
You can choose any app to be the authentication delegate for other apps, but it is recommended that you choose your most commonly used app to be the primary authentication delegate to provide the most seamless experience for the user.
As a best practice, it is recommended that you set only one authentication delegate. This prevents unnecessarily complex and undesirable authentication delegate switching and simplifies administrative management. If a user accidentally deletes the authentication delegate, they must reinstall it. If more than one authentication delegate is required, for example, the primary authentication delegate does not exist for a given platform and an alternate delegate is configured, refer to the following recommendations to make sure that
BlackBerry Dynamics
apps are successfully installed and activated:
  • Users should always install the primary authentication delegate first and they should not activate it using an already installed, alternate authentication delegate app.
  • If the user already has an alternate authentication delegate installed and in use, and then later installs the primary authentication delegate, they need to make sure that the existing, installed authentication delegate is in an unlocked state to successfully complete the authentication. If the alternate authentication delegate has been force closed, the user will encounter various errors and may be blocked.
  • Users must not delete the currently installed authentication delegate after they install their primary authentication delegate.  Apps that are currently using that authentication delegate will need to automatically switch to the new authentication delegate when the app is next launched in online mode.
  • If the primary authentication delegate is deleted, users should reactivate the authentication delegate using an access key. If they attempt to activate the authentication delegate with any other app, it may cause various errors.
  • Even if the
    Allow self-authentication when no authentication delegate application is detected
    option is selected, or if an app that is designated as a secondary or tertiary authentication delegate is installed, there is no fallback mechanism to allow apps to change the authentication delegate without the original authentication delegate being installed and unlocked.
  • Select the
    Allow self-authentication when no authentication delegate application is detect
    option if you want to allow the user to authenticate the app when an authentication delegate is not installed on a device.
Data leakage prevention
Do not allow copying data from non
BlackBerry Dynamics
apps into
BlackBerry Dynamics
apps
This setting specifies whether users can copy data from non
BlackBerry Dynamics
apps to
BlackBerry Dynamics
apps.
If you are using an app-based PKI solution such as
Purebred
, do not select this option.
Do not allow Android dictation
This setting specifies whether
Android
device users can use voice dictation with
BlackBerry Dynamics
apps.
Do not allow screen captures on
Android
devices
This setting specifies whether
Android
device users can take screen captures in
BlackBerry Dynamics
apps.
Do not allow screen recording and sharing on
iOS
devices
This setting specifies whether
iOS
device users can share and record screens in
BlackBerry Dynamics
apps.
This setting applies to devices running
iOS
11 and later.
Do not allow
iOS
dictation
This setting specifies whether
iOS
device users can use voice dictation with
BlackBerry Dynamics
apps.
Do not allow custom keyboards on
iOS
devices
This setting specifies whether
iOS
device users can use custom keyboards with
BlackBerry Dynamics
apps.
Enable
Android
keyboard restricted mode
This setting specifies whether
Android
device users can use custom keyboards with
BlackBerry Dynamics
apps.
Enable FIPS
This setting specifies whether compliance with U.S. Federal Information Processing standard 140-2 is enforced.
Federal Information Processing Standards (FIPS) are U.S. government regulations regarding computing and computing security. When you enable FIPS compliance, the major effect is on associated applications. Enabling FIPS compliance enforces the following constraints in conformance with FIPS:
  • MD4 and MD5 are prohibited by FIPS, which means that access to NTLM- or NTLM2-protected web pages and files is blocked.
  • Wrapped applications are blocked.
  • In secure socket key exchanges with ephemeral keys, with servers that are not configured to use Diffie-Hellman keys of sufficient length,
    BlackBerry Dynamics
    retries with static RSA cipher suites.
Certificates
Enable device certificate store
This setting specifies whether
BlackBerry Dynamics
apps can get certificates from the device certificate store.
Detailed logging
Enable detailed logging for
BlackBerry Dynamics
apps
This setting specifies whether log files can be generated and uploaded from
BlackBerry Dynamics
apps.
Prevent users from turning on detailed logging in
BlackBerry Dynamics
apps
This setting specifies whether users can turn on the ability to generate and share detailed log files from
BlackBerry Dynamics
apps.
Agreement
Enable an agreement message for
BlackBerry Dynamics
apps
This setting specifies whether to display a message in
BlackBerry Dynamics
apps that the user must acknowledge. If authentication delegation is enabled, the message is displayed only in the authenticator app. If you select this rule, complete the following actions:
  • Specify if the message is displayed each time the app is unlocked, otherwise the message is only displayed the first time the user opens the app.
  • In the
    Message
    field, create the message that you want to display.
    On
    Android
    devices, only the first 4000 characters are displayed.