Configuring Kerberos authentication for BlackBerry
Dynamics apps
Kerberos
authentication for BlackBerry
Dynamics
appsIn a
BlackBerry UEM
on-premises environment, BlackBerry
Dynamics
apps support Kerberos
Constrained Delegation (KCD) and Kerberos
PKINIT. You can support KCD or Kerberos
PKINIT for BlackBerry
Dynamics
apps, but not both.Kerberos authentication | Description |
|---|---|
KCD | KCD allows users to access enterprise resources without having to enter their network credentials. KCD uses service tickets that are encrypted and decrypted by keys that do not contain the user’s credentials. When you configure KCD, the BlackBerry
Dynamics app delegates authentication to UEM to act on its behalf to request access to a work resource. You can limit the network resources that are accessible to users by configuring the account that UEM uses to be trusted only for specific services.For example, if KCD is not configured and an app requests a resource like mypage.mydomain.com, the app prompts the user for credentials. When KCD is configured, the BlackBerry
Dynamics infrastructure handles authentication and the user is not prompted for credentials. |
Kerberos PKINIT | Kerberos PKINIT authentication establishes trust directly between the BlackBerry
Dynamics app and the Windows KDC. User authentication is based on certificates issued by Microsoft Active Directory Certificate Services. |