Skip Navigation
  1. BlackBerry Docs
  2. BlackBerry UEM 12.21
  3. UEM Overview and Architecture
  4. Data flows: Activating devices and BlackBerry Dynamics apps
  5. Data flow: Activating an iOS device

Data flow: Activating an 
iOS
 device

Diagram showing the steps and components mentioned in the following data flow.
  1. If you plan to use the 
    Apple
     Device Enrollment Program, you perform the following actions:
    1. Make sure that 
      BlackBerry UEM
       is configured to synchronize with DEP
    2. Register the device in DEP and assign it to an MDM server
    3. Assign an enrollment configuration to the device
  2.  You perform the following actions:
    1. Add a user to 
      BlackBerry UEM
       as a local user account or using the account information retrieved from your company directory
    2. Assign an activation profile to the user
    3. Use one of the following options to provide the user with activation details:
      • Automatically generate a device activation password and, optionally, a 
        QR Code
         and send an email with activation instructions for the user
      • Set a device activation password and communicate the username and password to the user directly or by email
      • Don't set a device activation password and communicate the 
        BlackBerry UEM Self-Service
         address to the user so that they can set their own activation password and view a 
        QR Code
        .
  3. If the device is registered in the 
    Apple
     DEP, the device communicates with the 
    Apple
     DEP web service during its initial setup. If you configured the device to install the 
    BlackBerry UEM Client
     app, the device automatically downloads and installs it.
  4. If the device is not registered in the 
    Apple
     DEP or if you did not configure the device to install the 
    BlackBerry UEM Client
    , the user manually downloads and installs the 
    BlackBerry UEM Client
     on the device. After it is installed, the user opens the 
    BlackBerry UEM Client
     and enters the email address and activation password or scans the 
    QR Code
    .
  5. The 
    BlackBerry UEM Client
     performs the following actions:
    1. Establishes a connection to the 
      BlackBerry Infrastructure
    2. Sends a request for activation information to the 
      BlackBerry Infrastructure
  6. The 
    BlackBerry Infrastructure
     performs the following actions:
    1. Verifies that the user is a valid, registered user
    2. Retrieves the 
      BlackBerry UEM
       address for the user
    3. Sends the address to the 
      BlackBerry UEM Client
  7. The 
    BlackBerry UEM Client
     establishes a connection with 
    BlackBerry UEM
     using an HTTP CONNECT call over port 443 and sends an activation request to 
    BlackBerry UEM
    . The activation request includes the username, password, device operating system, and unique device identifier.
  8. BlackBerry UEM
     performs following actions:
    1. Inspects the credentials for validity
    2. Creates a device instance
    3. Associates the device instance with the specified user account in the 
      BlackBerry UEM
       database
    4. Adds the enrollment session ID to an HTTP session
    5. Sends a successful authentication message to the device
  9. The 
    BlackBerry UEM Client
     creates a CSR using the information received from 
    BlackBerry UEM
     and sends a client certificate request over HTTPS.
  10. BlackBerry UEM
     performs the following actions:
    1. Validates the client certificate request against the enrollment session ID in the HTTP session
    2. Signs the client certificate request with the root certificate
    3. Sends the signed client certificate and root certificate back to the 
      BlackBerry UEM Client
    A mutually authenticated TLS session is established between the 
    BlackBerry UEM Client
     and 
    BlackBerry UEM
    .
  11. The 
    BlackBerry UEM Client
     displays a message to inform the user that a certificate must be installed to complete the activation. The user clicks OK and is redirected to the link for the native MDM Daemon activation. The 
    BlackBerry UEM Client
     establishes a connection to 
    BlackBerry UEM
    .
  12. BlackBerry UEM
     provides the MDM profile to the device. This profile contains the MDM activation URL and the challenge. The MDM profile is wrapped as a PKCS#7 signed message that includes the full certificate chain of the signer, which allows the device to validate the profile. This triggers the enrollment process.
  13. The native MDM Daemon on the device sends the device profile, including the customer ID, language, and OS version, to 
    BlackBerry UEM
    .
  14. BlackBerry UEM
     validates that the request is signed by a CA and responds to the native MDM Daemon with a successful authentication notification.
  15. The native MDM Daemon sends a request to 
    BlackBerry UEM
     asking for the CA certificate, CA capabilities information, and a device-issued certificate.
  16. BlackBerry UEM
     sends the CA certificate, CA capabilities information, and the device-issued certificate to the native MDM Daemon.
  17. The native MDM Daemon installs the MDM profile on the device. The 
    BlackBerry UEM Client
     notifies 
    BlackBerry UEM
     of the successful installation of the MDM profile and certificate and polls 
    BlackBerry UEM
     periodically until it acknowledges that the MDM activation is complete.
  18. BlackBerry UEM
     acknowledges that the MDM activation is complete.
  19. The 
    BlackBerry UEM Client
     requests all configuration information and sends the device and software information to 
    BlackBerry UEM
    .
  20. BlackBerry UEM
     stores the device information in the database and sends configuration information to the device.
  21. The device sends an acknowledgment to 
    BlackBerry UEM
     that it received and applied the configuration updates. The activation process is complete.