User authentication
BlackBerry UEM
and standalone Good Control
offer the following options to adjust the user experience for accessing BlackBerry
Dynamics
apps.Fingerprint and biometric authentication
Various forms of biometric authentication are supported by the
BlackBerry
Dynamics
SDK, including fingerprint authentication and for Android
and Touch ID
and Face ID
for iOS
. The BlackBerry UEM
or standalone Good Control
administrator can use a BlackBerry
Dynamics
profile (UEM
) or a security policy (Good Control
) to enable biometric authentication. Contact your organization’s administrator to enable and configure these features.For more information, see
BlackBerry
Dynamics
and Fingerprint Authentication.Authentication delegation
The
BlackBerry UEM
or standalone Good Control
administrator can configure up to three BlackBerry
Dynamics
apps on users’ devices to act as an authentication delegate (a primary, secondary, and tertiary delegate). When a user opens any BlackBerry
Dynamics
app, the device will display the login screen of the authentication delegate app. After the user logs in successfully, all of the BlackBerry
Dynamics
apps on the device are unlocked. The user does not need to enter a password again until the idle timeout is reached.If you want your custom
BlackBerry
Dynamics
app to be an authentication delegate, the UEM
or standalone Good Control
administrator must specify the app package ID (Android
) or bundle ID (iOS
) in the BlackBerry
Dynamics
app settings in the management console. Contact your organization’s administrator to provide this information. For instructions for specifying the package ID or bundle ID for an app, see Manage settings for a BlackBerry Dynamics app in the UEM Administration Guide
.The administrator configures one or more authentication delegate using a
BlackBerry
Dynamics
profile (UEM
) or a security profile (Good Control
). It is a best practice to configure the most commonly used app as the authentication delegate. Contact your organization’s administrator to configure one or more authentication delegates.
If the administrator configures a secondary authentication delegate, the administrator must notify users that if they delete the primary authentication delegate app, the user must unlock the secondary delegate app and set the app password again so that it can be used to authenticate any additional
BlackBerry
Dynamics
apps. The same requirement applies if a tertiary delegate is configured and the primary and secondary delegate apps are deleted.Do not require a password
Enabled using a
BlackBerry
Dynamics
profile (UEM
) or security policy (Good Control
), this setting removes the password login for BlackBerry
Dynamics
apps. Users cannot choose whether to use a password.Do not enable authentication delegation and this setting in the same profile or policy set. This feature is supported in
UEM
12.7 or later and Good Control
3.0.50.70 or later. If the setting is enabled and then disabled at a later date, users are prompted to create a password the next time they log in to a BlackBerry
Dynamics
app.You can use the GDAndroid.getInstance().canAuthorizeAutonomously() or [GDiOS sharedInstance].canAuthorizeAutonomously method to check if this feature is enabled. See the GDInteraction sample app (Android) or the SecureStore sample app (iOS) for examples of this method.
Bypass the app unlock screen
Enabled in the
UEM Client
settings for a specific BlackBerry
Dynamics
app (UEM
) or by using an app policy (Good Control
), this setting allows an app to completely bypass the password login screen.For more information and programming guidance, see the Bypass Unlock Developer Guide.