Get the PDF

About BlackBerry UEM for dark sites
Installing or upgrading BlackBerry UEM in a dark site environment
- Install or upgrade BlackBerry UEM
- Logging in to BlackBerry UEM
  - Log in to BlackBerry UEM for the first time
Configuring BlackBerry UEM for dark sites
- Adding licenses to BlackBerry UEM
- Obtaining an APNs certificate to manage iOS devices
Managing users and devices in a dark site environment
Product documentation

Data flow: Activating a device to use
Knox Workspace

Diagram showing the steps and the BlackBerry UEM components used when activating a Samsung Knox Workspace device in a dark site environment.

You perform the following actions:

Add a user to

BlackBerry UEM

as a local user account or using the account information retrieved from your company directory.

Make sure the "

Work and personal - full control

(

Samsung Knox

)" or "

Work space only

- (

Samsung Knox

)" activation type is assigned to the user.

Instruct the user to download and install the

BlackBerry UEM Client

Use one of the following options to provide the user with activation details:

Automatically generate a device activation password and send an email with activation instructions for the user

Set a device activation password and communicate the username and password to the user directly or by email

Communicate the

BlackBerry UEM Self-Service

address to the user so that they can set their own activation password

The user performs the following actions:

Connects to your work

Wi-Fi

network

Downloads and installs the

UEM Client

on the device

Opens the

UEM Client

and enters the email address and activation password

The

UEM Client

establishes a connection with

BlackBerry UEM

and sends an activation request to

BlackBerry UEM

. The activation request includes the username, password, device operating system, and unique device identifier.

BlackBerry UEM

performs following actions:

Inspects the credentials for validity

Creates a device instance

Associates the device instance with the specified user account in the

BlackBerry UEM

database

Adds the enrollment session ID to an HTTP session

Sends a successful authentication message to the device

The

UEM Client

creates a CSR using the information received from

BlackBerry UEM

and sends a client certificate request to

BlackBerry UEM

over HTTPS.

BlackBerry UEM

performs the following actions:

Validates the client certificate request against the enrollment session ID in the HTTP session

Signs the client certificate request with the root certificate

Sends the signed client certificate and root certificate back to the

UEM Client

A mutually authenticated TLS session is established between the

UEM Client

and

BlackBerry UEM

The

UEM Client

requests all configuration information and sends the device and software information to

BlackBerry UEM

stores the device information in the database and sends the requested configuration information to the device.

The

UEM Client

determines if the device uses

Knox Workspace

and is running a supported version. If the device uses

Knox Workspace

, the device connects to the local

Samsung

on-premises licensing server and activates the

Knox

management license. After it's activated, the

UEM Client

applies the

Knox

MDM and

Knox Workspace

IT policy rules.

The device sends an acknowledgment to

BlackBerry UEM

that it received and applied the configuration information. The activation process is complete.

After the activation is complete, the user is prompted to create a work space password for the

Knox Workspace

. Data in the

Knox Workspace

is protected using encryption and a method of authentication such as a password, PIN, pattern, or fingerprint.

If the device is activated with the "

Work space only

- (

Samsung Knox

)" activation type, the personal space is removed when the

Knox Workspace

is set up.

Section:

Activating Samsung Knox devices

Data flow: Activating a device to use Knox Workspace

Data flow: Activating a device to use
Knox Workspace