Dynamics apps to use app-based certificates
BlackBerry Dynamicsapps to use app-based certificates
BlackBerry Dynamicsapps automatically select which certificate to use for S/MIME and for authentication over TLS connections based on the key usage and extended key usage properties in the certificates. If two or more certificates have same set of properties, apps may not be able to resolve which certificate to use for TLS authentication. You can help apps determine which certificate to use by following the steps below.
Make sure you have completed one of the following:
- If your environment uses an app-based PKI solution withiOSdevices, connect BlackBerry UEM to your organization’s app-based PKI solution.
- If your environment uses an app-based PKI solution withiOSdevices, and the PKI app is not aBlackBerry Dynamicsapp, configure the BlackBerry UEM Client to support app-based certificates.
- In theUEMmanagement console, on the menu bar, clickApps.
- In the app list, select the app (for example,BlackBerry WorkorBlackBerry Access).
- Select theAllow BlackBerry Dynamics apps to use user certificates, SCEP profiles, and user credential profilescheck box.
- If you are configuringBlackBerry Work, in theApp configurationsection, click and perform one of the following tasks:TaskStepsConfigureBlackBerry Workwhen your organization is usingBEMS
ConfigureBlackBerry Workwhen your organization is not usingBEMS
- On theBasic Configurationtab, in theSecurity Settingssection, select theUse client certificate in place of login/passwordcheckbox.
- To enable automatic discovery of theMicrosoft Exchangeserver that the users are on, in theClient Settingssection, select theUse BEMS to perform Autodiscover of the EAS/EWS endpoint for the usercheckbox.
- On theAdvanced Configurationtab, in theTLS Certificate Settingssection, type the name of the user credential profile for the device.
- Click theBasic Configurationtab.
- If your server uses the domain name\user login format, in theExchange ActiveSync Settingssection, in theDefault Domainfield, specify the defaultWindows NTDomain thatBlackBerry Workconnects to when users log in.
- In theActive Sync Serverfield, specify the defaultExchange ActiveSyncserver thatBlackBerry Workconnects to when users log in toBlackBerry Work(for example, cas.mydomain.com).
- In theAutodiscover URLfield, specify the autodiscover URL, if known. This speeds up the auto discover setup process (for example, https://autodiscover.mydomain.com).
- In theAutodiscover Connection Timeout in Seconds (iOS only)field, specify the autodiscover connection timeout in seconds.
- In theTLS Certificate Settingssection, in theUser Credential Profile Namefield, type the name of the user credential profile.
Create app-based PKI solution to use with the following devices: