Skip Navigation

Configuring BlackBerry UEM
Changing the certificates that BlackBerry UEM uses for authentication
- Considerations for changing BlackBerry Dynamics certificates
- Change a BlackBerry UEM certificate
Installing the BlackBerry Connectivity Node to connect to resources behind your organization's firewall
Configuring BlackBerry UEM to send data through a proxy server
- Sending data through a TCP proxy server to the BlackBerry Infrastructure
  - Configure BlackBerry UEM to use a transparent TCP proxy server
  - Enable SOCKS v5 on a TCP proxy server
- Install a standalone BlackBerry Router in a UEM Cloud environment
Configure connections through internal proxy servers
Connect to an SMTP server to send email notifications
Connecting to your company directories
Connecting BlackBerry UEM to Microsoft Entra ID
Obtaining an APNs certificate to manage iOS and macOS devices
- Request and register an APNs certificate
- Troubleshooting: APNs
Configure BlackBerry UEM for DEP
Configuring BlackBerry UEM to support Android Enterprise devices
- Configure BlackBerry UEM to support Android Enterprise devices
Configuring BlackBerry UEM to support Android Management devices
- Configure Android Management in the Google Cloud console
- Configure Android Management in BlackBerry UEM
Extending the management of Chrome OS devices to BlackBerry UEM
Simplifying Windows 10 activations
- Integrate UEM with Entra ID join
  - Configure Windows Autopilot for device activation
- Deploy a discovery service to simplify Windows 10 activations
Migrating users, devices, groups, and other data from a source server
Configuring network communication and properties for BlackBerry Dynamics apps
Integrating BlackBerry UEM with Cisco ISE
Set up VPN using Knox StrongSwan for UEM dark site environments

Requirements to support
Kerberos
PKINIT for
BlackBerry Dynamics
apps

BlackBerry UEM

supports

Kerberos

PKINIT for

BlackBerry Dynamics

user authentication using PKI certificates. If you want to use

Kerberos

PKINIT for

BlackBerry Dynamics

apps, your organization must meet the following requirements:

Item	Requirements
KDC	You must add the KDC host to the allowed domains list in the assigned BlackBerry Dynamics connectivity profile. For more information, see Create a BlackBerry Dynamics connectivity profile in the Administration content. The KDC host must be listening on TCP port 88 (the Kerberos default port). The KDC must have an A record (IPv4) or AAAA record (IPv6) in your DNS. BlackBerry Dynamics doesn't support KDC over UDP. BlackBerry Dynamics doesn't use Kerberos configuration files (such as krb5.conf) to locate the correct KDC. The KDC can refer the client to another KDC host. BlackBerry Dynamics will follow the referral, as long as the KDC host that is referred to is added to the allowed domains list in the BlackBerry Dynamics connectivity profile. The KDC can obtain the TGT transparently to BlackBerry Dynamics from another KDC host. Kerberos Constrained Delegation must not be enabled.
Server certificates	Windows KDC server certificates issued via the Active Directory certificate services must come only from the following Windows Server versions. No other server versions are supported. Internet Information Server with Windows Server 2008 R2 Internet Information Server with Windows Server 2012 R2 Valid KDC service certificates must be located either in the BlackBerry Dynamics certificate store or the device certificate store.
Client certificates	The minimum key length for the certificates must be 2048 bytes. The extended key usage property of the certificate must be Microsoft Smart Card logon (1.3.6.1.4.1.311.20.2.2). Client certificates must include the User Principal Name (for example, user@domain.com) in the Subject Alternative Name of object ID szOID_NT_PRINCIPAL_NAME 1.3.6.1.4.1.311.20.2.3. If the user is issued more than one client certificate, the domain of the User Principal Name must match the domain of the resource that is being accessed to ensure that the correct certificate is used. Certificates must be valid. Validate them against the servers listed above.

Configuring Kerberos authentication for BlackBerry Dynamics apps