Configuring single sign-on for BlackBerry UEM
BlackBerry UEM
If you connect
BlackBerry UEM
to Microsoft Active
Directory
, you can configure single sign-on authentication to permit administrators or users to bypass the login webpage and access the management console or BlackBerry UEM Self-Service
directly. When administrators or users log in to Windows
, the browser uses their credentials to authenticate them with BlackBerry UEM
automatically. Windows
login information can include Microsoft Active
Directory
credentials or derived credentials (for example, from CAC readers or digital tokens).Before you enable single sign-on to
BlackBerry UEM
for a Microsoft Active
Directory
connection, you must configure constrained delegation for the Microsoft Active
Directory
account that BlackBerry UEM
uses for the directory connection.If you enable single sign-on, any changes that you make to the
Microsoft Active
Directory
account will require that you restart the BlackBerry UEM
services on each computer that hosts a BlackBerry UEM
instance. Administrators and users must log out from their computers and log in again to use single sign-on for BlackBerry UEM
.When you configure single sign-on for
BlackBerry UEM
, you perform the following actions: