Configuring single sign-on for
BlackBerry UEM

If you connect

BlackBerry UEM

Microsoft Active Directory

, you can configure single sign-on authentication to permit administrators or users to bypass the login webpage and access the management console or

BlackBerry UEM Self-Service

directly. When administrators or users log in to

Windows

, the browser uses their credentials to authenticate them with

BlackBerry UEM

automatically.

Windows

Microsoft Active Directory

credentials or derived credentials (for example, from CAC readers or digital tokens).

Before you enable single sign-on to

BlackBerry UEM

for a

Microsoft Active Directory

connection, you must configure constrained delegation for the

Microsoft Active Directory

account that

BlackBerry UEM

uses for the directory connection.

If you enable single sign-on, any changes that you make to the

Microsoft Active Directory

account will require that you restart the

BlackBerry UEM

services on each computer that hosts a

BlackBerry UEM

instance. Administrators and users must log out from their computers and log in again to use single sign-on for

BlackBerry UEM

When you configure single sign-on for

BlackBerry UEM

, you perform the following actions:

Step	Action
	Configure constrained delegation for the Microsoft Active Directory account to support single sign-on.
	Enable single sign-on for a Microsoft Active Directory connection.
	Verify browser requirements for single sign-on.