Skip Navigation

Setting up single sign-on authentication for devices

Using a single sign-on profile, you can enable
BlackBerry 10
devices and certain
iOS
devices to authenticate automatically with domains and web services in your organization’s network. After you assign a single sign-on profile, the user is prompted for a username and password the first time they try to access a secure domain that you specified. The login information is saved on the user’s device and used automatically when the user tries to access any of the secure domains specified in the profile. When the user changes the password, the user is prompted the next time they try to access a secure domain.
For devices running
iOS
(or iPadOS) 13 or later, you must use a single sign-on extension profile to enable the devices to authenticate automatically with domains and web services in your organization's network. 
You can also use a single sign-on profile to specify trusted domains for certificates that you send to
BlackBerry 10
devices using a SCEP profile. Once you specify trusted domains,
BlackBerry 10
users can select the required certificates when they access a trusted domain.
Single sign-on profiles support the following authentication types:
Authentication type
Device OS
Applies to
  • Kerberos
iOS
  • Browser and apps
  • Can restrict which apps can use the profile
BlackBerry 10
  • Browser and apps in the work space
  • NTLM
  • specify trusted domains for SCEP certificates
BlackBerry 10
  • Browser and apps in the work space
BlackBerry Dynamics
apps also support
Kerberos
authentication. For more information, see Configuring
Kerberos
for
BlackBerry Dynamics
apps
.