BlackBerry Dynamics profile settings

BlackBerry Dynamics profiles are supported on the following device types:
  • iOS
  • macOS
  • Android
  • Windows
BlackBerry Dynamics profile setting
Description
Configuration
Require device management to use BlackBerry Dynamics apps
This setting specifies whether a device must be activated with MDM to use BlackBerry Dynamics apps.
Enable UEM Client to enroll in BlackBerry Dynamics
If a device is using the BlackBerry UEM Client, this setting specifies whether BlackBerry Dynamics manages the activation of BlackBerry Dynamics apps and whether BlackBerry Dynamics apps can be used on the device. If this option is not selected, BlackBerry Dynamics apps could be removed from the device because the device will not be enabled for BlackBerry Dynamics. If you do not plan to use BlackBerry Dynamics in your environment, do not select this setting.
Enable BlackBerry Dynamics Launcher in UEM Client
This setting specifies whether the BlackBerry Dynamics Launcher icon appears in the UEM Client.
Enable BlackBerry Dynamics Launcher first time setup
When the BlackBerry Dynamics Launcher is enabled in the UEM Client and appears for the first time, this setting specifies whether the tutorial appears.
Start conditional access enrollment after authentication broker is installed
If you configure Entra ID conditional access, you can enable this setting to delay the conditional access enrollment process until the Microsoft Authenticator app is installed on the device. This setting is turned off by default.
If enabled, after the Microsoft Authenticator app is installed, the conditional access enrollment process is initiated when the user opens the UEM Client. On Android devices, if the work profile is unlocked, the UEM Client will prompt the user to open the UEM Client to start the conditional access enrollment.
This option does not apply to Android devices with the User privacy activation type (it does apply to devices with Android Enterprise user privacy and Android Management user privacy). For User privacy devices, conditional access enrollment is always initiated after the device is activated with UEM.
Password
Password expiration
This setting specifies whether the password for a BlackBerry Dynamics app expires and the number of days a password remains valid before it expires.
Do not allow previous passwords
This setting specifies whether previous passwords can be used and the maximum number of previous passwords that cannot be used for a BlackBerry Dynamics app.
Minimum password length
This setting specifies the minimum length of the password for a BlackBerry Dynamics app.
Allowed occurrences of a character
This setting specifies how many times a character can appear in a password for a BlackBerry Dynamics app.
Require both letters and numbers
This setting specifies whether the password must contain both letters and numbers for a BlackBerry Dynamics app.
Require both uppercase and lowercase
This setting specifies whether the password must contain both uppercase and lowercase letters for a BlackBerry Dynamics app.
Require at least one special character
This setting specifies whether the password must contain at least one special character for a BlackBerry Dynamics app.
Do not allow sequences of more than two numbers
This setting specifies whether the password can contain more than two sequential numbers (for example, 1, 2, 3) for a BlackBerry Dynamics app.
Do not allow more than one password change per day
This setting specifies whether a password can be changed more than once every 24 hours for a BlackBerry Dynamics app.
Do not allow personal information
This setting specifies whether the following personal information can be used in a password for a BlackBerry Dynamics app:
  • The user's first and last names (excluding initials) as recorded in Active Directory
  • The part of an email address before the @ sign.
Allow Biometrics
This setting specifies whether BlackBerry Dynamics apps can be unlocked using biometric input when they are already open in the app switcher on iOS devices.
Enable Touch ID and Face ID from cold start
This setting specifies whether BlackBerry Dynamics apps can be unlocked using the selected biometric input methods when they are opened for the first time after a device restarts.
Permit fallback to device passcode if biometric authentication fails.
This option allows iOS biometric (TouchID/FaceID) authentication to fall back to the device passcode if biometric authentication fails.
Require password to be re-entered and disable Touch ID and Face ID
This setting specifies a period of time after which users must enter a password to unlock a BlackBerry Dynamics app and re-enable Touch ID, Face ID, or both.
Allow Android biometric authentication
This setting specifies whether BlackBerry Dynamics apps can be unlocked using any device-supported biometric authentication method. If this option is not selected, all Android biometric authentication features are blocked, including fingerprint, iris, and face recognition.
Enable Android biometric authentication after the device or app restarts
This setting specifies whether BlackBerry Dynamics apps can be unlocked using biometric authentication when they are opened for the first time after a device restarts.
Require password to be re-entered and disable Android biometric authentication
This setting specifies a period of time after which users must enter a password to unlock a BlackBerry Dynamics app and re-enable Android biometric authentication.
Do not require password
These settings specify whether a user can access a BlackBerry Dynamics app without entering a password.
Blocked password list
Blocked password file (.txt)
This setting specifies a list of banned passwords. You can download the previously uploaded list of banned passwords. Passwords in the list must meet the following requirements: each password must be separated by a hard return, only UTF-8 characters are supported, and passwords must be 14 characters or less.
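A pre-upload check for the blocked password file requirements listed above, given here as an added example that is not part of the BlackBerry documentation or product. The function name validate_blocklist is hypothetical, "14 characters" is assumed to mean Unicode code points rather than bytes, and the byte-order mark, blank-line, and duplicate checks are extra hygiene checks rather than requirements stated on this page.

```python
MAX_CHARS = 14  # limit stated on this page: passwords must be 14 characters or less


def validate_blocklist(data: bytes):
    """Check raw file bytes; return [(line_number, problem)], empty if the file is clean."""
    problems = []
    if data.startswith(b"\xef\xbb\xbf"):
        # Some editors prepend a BOM; it would become part of the first entry.
        problems.append((1, "UTF-8 byte-order mark at start of file"))
        data = data[3:]
    # Split on raw bytes so one undecodable line does not hide the others.
    lines = data.split(b"\n")
    if lines and lines[-1] == b"":
        lines.pop()  # a single trailing hard return is not a blank entry
    first_seen = {}
    for number, raw in enumerate(lines, start=1):
        raw = raw.rstrip(b"\r")  # accept CRLF hard returns from Windows editors
        try:
            entry = raw.decode("utf-8")
        except UnicodeDecodeError:
            problems.append((number, "not valid UTF-8"))
            continue
        if entry == "":
            problems.append((number, "blank line"))
        elif len(entry) > MAX_CHARS:
            # Assumption: length is counted in code points, not bytes.
            problems.append((number, f"{len(entry)} characters, limit is {MAX_CHARS}"))
        elif entry in first_seen:
            problems.append((number, f"duplicate of line {first_seen[entry]}"))
        else:
            first_seen[entry] = number
    return problems


# Constructed sample file: two valid entries, one over-long entry, a blank
# line, a duplicate, and a Latin-1 encoded entry that is not valid UTF-8.
SAMPLE = (
    "Password1\nSummer2024!\nthispasswordistoolong\n\nPassword1\n".encode("utf-8")
    + b"caf\xe9\n"
)

if __name__ == "__main__":
    for number, problem in validate_blocklist(SAMPLE):
        print(f"line {number}: {problem}")
```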
Lock screen
Require password when BlackBerry Dynamics apps start
This setting specifies whether a password is required each time a BlackBerry Dynamics app is started. If you are using authentication delegation, do not select this option.
Require password after period of inactivity
This setting specifies the period of inactivity that must elapse before a password is required.
Take action after invalid password attempts
This setting specifies whether there is a limit to the number of times that a user can enter an incorrect password. If you select this rule, specify the number of times that a user can enter an incorrect password and the action that occurs after the limit has been reached.
Wearables
Allow WatchOS apps
This setting allows end users to pair their Apple WatchOS apps with the supported BlackBerry Dynamics apps on their iOS device.
Allow wearables
This setting is deprecated in UEM version 12.19 and later.
This setting specifies whether BlackBerry Dynamics apps can be used on an Android wearable device. If you select this rule, specify how much time must elapse before the wearable device is disconnected and whether the wearable can reconnect automatically.
App authentication delegation (iOS and Android only)
App
You can designate a BlackBerry Dynamics app to act as the authentication delegate on behalf of other BlackBerry Dynamics apps so that users do not have to create a password for each BlackBerry Dynamics app that they install. After an authentication delegate is configured, each time a user opens a BlackBerry Dynamics app, the device displays the password screen for the authentication delegate instead of the app that they are attempting to open. After the user enters the password for the authentication delegate, the user can open the BlackBerry Dynamics app.
You can choose any app to be the authentication delegate for other apps, but it is recommended that you choose your most commonly used app to be the primary authentication delegate to provide the most seamless experience for the user.
As a best practice, it is recommended that you set only one authentication delegate. This prevents unnecessarily complex and undesirable authentication delegate switching and simplifies administrative management. If a user accidentally deletes the authentication delegate, they must reinstall it. If more than one authentication delegate is required, for example, the primary authentication delegate does not exist for a given platform and an alternate delegate is configured, refer to the following recommendations to make sure that BlackBerry Dynamics apps are successfully installed and activated:
  • Users should always install the primary authentication delegate first and they should not activate it using an already installed, alternate authentication delegate app.
  • If the user already has an alternate authentication delegate installed and in use, and then later installs the primary authentication delegate, they need to make sure that the existing, installed authentication delegate is in an unlocked state to successfully complete the authentication. If the alternate authentication delegate has been force closed, the user will encounter various errors and may be blocked.
  • Users must not delete the currently installed authentication delegate after they install their primary authentication delegate.  Apps that are currently using that authentication delegate will need to automatically switch to the new authentication delegate when the app is next launched in online mode.
  • If the primary authentication delegate is deleted, users should reactivate the authentication delegate using an access key. If they attempt to activate the authentication delegate with any other app, it may cause various errors.
  • Even if the "Allow self-authentication when no authentication delegate application is detected" option is selected, or if an app that is designated as a secondary or tertiary authentication delegate is installed, there is no fallback mechanism to allow apps to change the authentication delegate without the original authentication delegate being installed and unlocked.
  • Select the "Allow self-authentication when no authentication delegate application is detected" option if you want to allow the user to authenticate the app when an authentication delegate is not installed on a device.
Data leakage prevention
Do not allow copying data from BlackBerry Dynamics apps into non BlackBerry Dynamics apps
This setting specifies whether users can copy data from BlackBerry Dynamics apps into non BlackBerry Dynamics apps.
iOS 18.0 and later includes the Apple Intelligence Writing Tools feature. For UEM 12.20 and earlier, if “Do not allow copying data from BlackBerry Dynamics apps into non BlackBerry Dynamics apps” is selected in the assigned profile, the Writing Tools feature is not available in BlackBerry Dynamics apps. This setting must be off (not selected) for Writing Tools to be available in BlackBerry Dynamics apps.
Do not allow copying data from non BlackBerry Dynamics apps into BlackBerry Dynamics apps
This setting specifies whether users can copy data from non BlackBerry Dynamics apps to BlackBerry Dynamics apps.
If you are using an app-based PKI solution such as Purebred, do not select this option.
Do not allow Android dictation
This setting specifies whether Android device users can use voice dictation with BlackBerry Dynamics apps. This setting applies to application-specific uses of voice dictation and might not apply to the keyboard, which might allow dictation through other channels. To disable dictation on keyboards, you should also select "Enable Android keyboard restricted mode."
Do not allow screen capture and insecure video output on Android and Windows 10 devices
This setting specifies whether Android and Windows 10 device users can take screen captures and record insecure video in BlackBerry Dynamics apps.
Do not allow screenshots on iOS devices
This setting specifies whether users can take screenshots in BlackBerry Dynamics apps on iOS devices. If you enable this setting, when a device user tries to take a screenshot in a BlackBerry Dynamics app, a blank image with the following message is saved instead: "Your organization prevents screenshots being taken within this app."
This option is supported for BlackBerry Dynamics apps that use BlackBerry Dynamics SDK 12.1 and later, and replaces the iOS screen capture detection rule in compliance profiles. BlackBerry recommends using this profile setting and disabling the iOS screen capture compliance rule. The compliance rule will be deprecated in a future UEM release.
Do not allow screen recording and sharing on iOS devices
This setting specifies whether iOS device users can share and record screens in BlackBerry Dynamics apps.
Do not allow iOS dictation
This setting specifies whether iOS device users can use voice dictation with BlackBerry Dynamics apps. This setting applies only to the system keyboard and does not apply to third-party keyboards.
Do not allow custom keyboards
iOS
This setting specifies whether iOS device users can use custom keyboards with BlackBerry Dynamics apps.
Android
This setting specifies whether Android device users can use custom keyboards with BlackBerry Dynamics apps.
Enable Android keyboard restricted mode
This setting specifies whether Android device users can use custom keyboards with BlackBerry Dynamics apps.
Enable FIPS
This setting specifies whether compliance with U.S. Federal Information Processing Standard 140-2 is enforced.
Federal Information Processing Standards (FIPS) are U.S. government regulations regarding computing and computing security. When you enable FIPS compliance, the major effect is on associated applications. Enabling FIPS compliance enforces the following constraints in conformance with FIPS:
  • MD4 and MD5 are prohibited by FIPS, which means that access to NTLM- or NTLM2-protected web pages and files is blocked.
  • Wrapped applications are blocked.
  • In secure socket key exchanges with ephemeral keys, with servers that are not configured to use Diffie-Hellman keys of sufficient length, BlackBerry Dynamics retries with static RSA cipher suites.
Certificates
Trusted Certificate Authorities
This setting specifies whether BlackBerry Dynamics apps can get certificates from the device certificate store.
Detailed logging
Enable detailed logging for BlackBerry Dynamics apps
This setting specifies whether log files can be generated and uploaded from BlackBerry Dynamics apps.
Prevent users from turning on detailed logging in BlackBerry Dynamics apps
This setting specifies whether users can turn on the ability to generate and share detailed log files from BlackBerry Dynamics apps.
Agreement
Enable an agreement message for BlackBerry Dynamics apps
This setting specifies whether to display a message in BlackBerry Dynamics apps that the user must acknowledge. If authentication delegation is enabled, the message is displayed only in the authenticator app. If you select this rule, complete the following actions:
  • Specify whether the message is displayed each time the app is unlocked; otherwise, the message is displayed only the first time the user opens the app.
  • In the Message field, create the message that you want to display. On Android devices, only the first 4000 characters are displayed.