- Configuring BlackBerry UEM for the first time
- Changing BlackBerry UEM certificates
- Configuring BlackBerry UEM to send data through a proxy server
- Configuring connections through internal proxy servers
- Connecting to your company directories
- Configuring Microsoft Active Directory authentication in an environment that includes Exchange linked mailboxes
- Connect to a Microsoft Active Directory instance
- Connect to an LDAP directory
- Enable directory-linked groups
- Enabling onboarding
- Synchronize a company directory connection
- Removing a connection to a company directory
- Connecting to an SMTP server to send email notifications
- Configuring database mirroring
- Connecting BlackBerry UEM to Microsoft Azure
- Create a Microsoft Azure account
- Synchronize Microsoft Active Directory with Microsoft Azure
- Create an app registration in Azure
- Configuring Azure Active Directory conditional access
- Configure BlackBerry UEM as a Compliance Partner in Azure
- Configure Azure Active Directory conditional access
- Configure the BlackBerry Dynamics connectivity profile to support the Azure Conditional Access feature
- Assign the Feature - Azure conditional access app to users
- Configure a BlackBerry Dynamics Profile
- Remove devices from Azure Active Directory conditional access
- Enable access to the BlackBerry Web Services over the BlackBerry Infrastructure
- Obtaining an APNs certificate to manage iOS and macOS devices
- Configuring BlackBerry UEM for DEP
- Configuring BlackBerry UEM to support Android Enterprise devices
- Extending the management of Chrome OS devices to BlackBerry UEM
- Setting up management of Chrome OS devices if you have already configured BlackBerry UEM to use Android Enterprise
- Create a service account that BlackBerry UEM uses to authenticate with your Google Cloud or Google Workspace by Google domain
- Enable additional APIs to allow BlackBerry UEM to sync the Chrome OS data
- Integrate BlackBerry UEM with your Google Cloud or Google Workspace by Google domain so you can use Chrome OS devices
- Synchronize BlackBerry UEM with the Google admin console
- Simplifying Windows 10 activations
- Migrating users, devices, groups, and other data from a source server
- Prerequisites: Migrating users, devices, groups, and other data from a source server
- Connect to a source server
- Considerations: Migrating IT policies, profiles, and groups from a source server
- Migrate IT policies, profiles, and groups from a source server
- Complete policy and profile migration for BlackBerry Dynamics-activated users
- Considerations: Migrating users from a source server
- Migrate users from a source server
- Considerations: Migrating devices from a source server
- Migrate devices from a source server
- Migrating DEP devices
- Configuring BlackBerry UEM to support BlackBerry Dynamics apps
- Manage BlackBerry Proxy clusters
- Configure Direct Connect using port forwarding
- Configure BlackBerry Dynamics properties
- Configure communication settings for BlackBerry Dynamics apps
- Sending BlackBerry Dynamics app data through an HTTP proxy
- BlackBerry Dynamics connectivity and routing behavior
- Default routing
- Example routing scenarios
- Scenario 1: Route traffic to specific servers or domains through BlackBerry Proxy
- Scenario 2: Route all traffic through the BlackBerry Proxy and then through a web proxy server
- Scenario 3: Route some traffic internally for most apps but configure a proxy server specifically for web browsing using BlackBerry Access
- BlackBerry Dynamics data flow
- Configuring Kerberos for BlackBerry Dynamics apps
- Connect BlackBerry UEM to a BlackBerry Dynamics PKI connector
- Integrating BlackBerry UEM with Cisco ISE
- Requirements: Integrating BlackBerry UEM with Cisco ISE
- Create an administrator account that Cisco ISE can use
- Add the BlackBerry Web Services certificate to the Cisco ISE certificate store
- Connect BlackBerry UEM to Cisco ISE
- Example: Authorization policy rules for BlackBerry UEM
- Managing network access and device controls using Cisco ISE
- BlackBerry Docs
- BlackBerry UEM 12.18
- Installation and configuration
- Configuration
- Configuring BlackBerry UEM to support BlackBerry Dynamics apps
- Configuring Kerberos for BlackBerry Dynamics apps
Configuring Kerberos for BlackBerry
Dynamics apps
Kerberos
for BlackBerry
Dynamics
appsBlackBerry
Dynamics
apps support both Kerberos
Constrained Delegation and Kerberos
PKINIT. Kerberos
Constrained Delegation (KCD) and Kerberos
PKINIT are distinct implementations of Kerberos
. You can support one or the other for BlackBerry
Dynamics
apps, but not both.Kerberos
Constrained Delegation (KCD) allows users to access enterprise resources without having to enter their network credentials. KCD uses service tickets that are encrypted and decrypted by keys that do not contain the user’s credentials.When
delegation
is configured, the BlackBerry
Dynamics
app delegates authentication to BlackBerry UEM
to act on its behalf to request access to a work resource. KCD constrains
the accessed resources: administrators can limit the network resources that are accessible. This is accomplished by configuring the account under which the delegate (BlackBerry UEM
) runs as trusted only for specific services.For example, if KCD is not configured and an app requests a resource like mypage.mydomain.com, the app prompts the user for credentials. When KCD is configured, the
BlackBerry
Dynamics
infrastructure handles authentication and the user is not prompted for credentials for the resource. Kerberos
is a part of Microsoft Active
Directory
. Before configuring Kerberos
Constrained Delegation in BlackBerry UEM
, ensure your Kerberos
environment is functioning properly and that you understand the implications involved in configuring Constrained Delegation for internal resources. Consult the appropriate Microsoft
documentation if you require information on Kerberos
in general or Constrained Delegation. Kerberos
PKINIT authentication establishes trust directly between the BlackBerry
Dynamics
app and the Windows
KDC. User authentication is based on certificates issued by Microsoft Active Directory Certificate Services. To use PKINIT, Kerberos
Constrained Delegation must not be enabled in the app settings in BlackBerry UEM
.The information in this section is a guideline. If you require more information about
Kerberos
and BlackBerry UEM
, contact BlackBerry Technical Support.