Data flow: Activating a

BlackBerry Dynamics

app for the first time on a device

An administrator performs the following actions:

Assigns one or more
BlackBerry Dynamics
apps to a user.
Issues activation credentials (access key, activation password, or QR code) or using a third-party identity provider, and sends them to the user or instructs the user to generate credentials from
BlackBerry UEM Self-Service
.

The user performs the following actions:

Installs the app on the device.
Obtains and enters the provided activation credentials .

The

BlackBerry Dynamics

app performs the following actions:

Connects to the
BlackBerry Dynamics NOC
and completes activation.
Obtains the
BlackBerry UEM
address using one of the following methods:
If the user manually entered the credentials, the app fetches the address from the
BlackBerry Infrastructure
.
If the user scanned a QR Code, the app receives the address from the QR code.
Connects to
BlackBerry UEM
through the
BlackBerry Infrastructure
and establishes an end-to-end encrypted session with
BlackBerry UEM
using the EC-SPEKE protocol.
This session can only be decrypted by the
BlackBerry UEM
instance that issued the activation credentials.
Sends the activation request over the secured session.

BlackBerry UEM

verifies the activation request and sends encrypted activation response to the app. The activation response includes data required by the app to communicate with

BlackBerry UEM

, including a client certificate, master session key, list of

BlackBerry Proxy

instances, and trusted certificate authorities.

The app prompts the user to set a password for the app and register it as an easy activation delegate with the

BlackBerry Dynamics NOC

to allow subsequent

BlackBerry Dynamics

app to be activated on the device without the user manually obtaining new credentials.