Configuring Kerberos PKINIT
BlackBerry Dynamics supports Kerberos PKINIT for user authentication using PKI certificates.
If you want to use Kerberos PKINIT for BlackBerry Dynamics apps, your organization must meet the following requirements:
- Kerberos Constrained Delegation must not be enabled.
- The KDC host must be added to the Allowed Domains list in the BlackBerry Dynamics Connectivity Profile.
- The KDC host must be listening on TCP port 88 (the Kerberos default port).
- BlackBerry Dynamics doesn't support KDC over UDP.
- The KDC must have an A record (IPv4) or AAAA record (IPv6) in your DNS.
- BlackBerry Dynamics doesn't use Kerberos configuration files (such as krb5.conf) to locate the correct KDC.
- The KDC can refer the client to another KDC host. BlackBerry Dynamics will follow the referral, as long as the KDC host that is referred to is added to the Allowed Domains list in the BlackBerry Dynamics Connectivity Profile.
- The KDC can obtain the TGT transparently to BlackBerry Dynamics from another KDC host.
- Windows KDC server certificates issued via the Active Directory Certificate Services must come only from the following Windows Server versions. No other server versions are supported.
  - Internet Information Server with Windows Server 2008 R2
  - Internet Information Server with Windows Server 2012 R2
- Valid KDC service certificates must be located either in the BlackBerry Dynamics Certificate Store or the Device Certificate Store.
- The minimum key length for the certificates must be 2,048 bytes.
- Client certificates must include the User Principal Name (for example, firstname.lastname@example.org) in the Subject Alternative Name of object ID szOID_NT_PRINCIPAL_NAME 1.3.6.1.4.1.311.20.2.3.
- The domain of the User Principal Name must match the name of the realm of the Windows KDC service.
- The Extended Key Usage property of the certificate must be Microsoft Smart Card logon (1.3.6.1.4.1.311.20.2.2).
- Certificates must be valid. Validate them against the servers listed above.
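
The client-certificate requirements above can be checked before a certificate is issued to users. The following is an added example, not BlackBerry code: it uses the Python `cryptography` package, the function names `check_pkinit_client_cert` and `build_sample_cert` are hypothetical, and it reads the stated minimum of 2,048 as the RSA modulus size in bits (an assumption).

```python
import datetime
from cryptography import x509
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import rsa
from cryptography.x509.oid import NameOID

UTC = datetime.timezone.utc
UPN_OID = x509.ObjectIdentifier("1.3.6.1.4.1.311.20.2.3")    # szOID_NT_PRINCIPAL_NAME
SC_LOGON = x509.ObjectIdentifier("1.3.6.1.4.1.311.20.2.2")   # Microsoft Smart Card logon

def check_pkinit_client_cert(cert, realm):
    """Return the list of unmet requirements (empty list: certificate passes)."""
    problems, now = [], datetime.datetime.now(UTC)
    # Older cryptography releases only expose naive-UTC validity fields.
    start = getattr(cert, "not_valid_before_utc", None) or cert.not_valid_before.replace(tzinfo=UTC)
    end = getattr(cert, "not_valid_after_utc", None) or cert.not_valid_after.replace(tzinfo=UTC)
    if not start <= now <= end:
        problems.append("outside validity period")
    # Assumption: the stated minimum of 2,048 is read as the RSA modulus size in bits.
    if cert.public_key().key_size < 2048:
        problems.append("key shorter than 2048")
    exts = {e.oid: e.value for e in cert.extensions}
    ekus = list(exts.get(x509.ExtendedKeyUsage.oid, []))
    san = list(exts.get(x509.SubjectAlternativeName.oid, []))
    if SC_LOGON not in ekus:
        problems.append("EKU lacks Smart Card logon")
    # The UPN is an otherName whose value is a DER UTF8String (tag 0x0c);
    # only the short length form (UPN under 128 bytes) is decoded here.
    upns = [g.value[2:2 + g.value[1]].decode() for g in san
            if isinstance(g, x509.OtherName) and g.type_id == UPN_OID and g.value[:1] == b"\x0c"]
    if not upns:
        problems.append("no UPN in Subject Alternative Name")
    elif not any(u.rpartition("@")[2].lower() == realm.lower() for u in upns):
        problems.append("UPN domain does not match realm")
    return problems

def build_sample_cert(upn, ekus):
    """Constructed self-signed certificate used only as demo input."""
    key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    name = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, "constructed sample")])
    now, raw = datetime.datetime.now(UTC), upn.encode()
    return (x509.CertificateBuilder().subject_name(name).issuer_name(name)
            .public_key(key.public_key()).serial_number(x509.random_serial_number())
            .not_valid_before(now - datetime.timedelta(days=1))
            .not_valid_after(now + datetime.timedelta(days=30))
            .add_extension(x509.SubjectAlternativeName(
                [x509.OtherName(UPN_OID, b"\x0c" + bytes([len(raw)]) + raw)]), critical=False)
            .add_extension(x509.ExtendedKeyUsage(ekus), critical=False)
            .sign(key, hashes.SHA256()))
```

To check a real certificate, load it with `x509.load_pem_x509_certificate` and pass the realm of the Windows KDC service. Chain validation against the issuing servers is a separate step that this check does not perform.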