Skip Navigation

Configuring single sign-on for 
BlackBerry UEM

If you connect 
BlackBerry UEM
 to 
Microsoft Active Directory
, you can configure single sign-on authentication to permit administrators or users to bypass the login webpage and access the management console or 
BlackBerry UEM Self-Service
 directly. When administrators or users log in to 
Windows
, the browser uses their credentials to authenticate them with 
BlackBerry UEM
 automatically. 
Windows
 login information can include 
Microsoft Active Directory
 credentials or derived credentials (for example, from CAC readers or digital tokens).
Before you enable single sign-on to 
BlackBerry UEM
 for a 
Microsoft Active Directory
 connection, you must configure constrained delegation for the 
Microsoft Active Directory
 account that 
BlackBerry UEM
 uses for the directory connection.
If you enable single sign-on, any changes that you make to the 
Microsoft Active Directory
 account will require that you restart the 
BlackBerry UEM
 services on each computer that hosts a 
BlackBerry UEM
 instance. Administrators and users must log out from their computers and log in again to use single sign-on for 
BlackBerry UEM
.
When you configure single sign-on for 
BlackBerry UEM
, you perform the following actions:
Step
Action
Step 1
Step 2
Step 3