- Configuring BlackBerry UEM for the first time
- Changing BlackBerry UEM certificates
- Configuring BlackBerry UEM to send data through a proxy server
- Configuring connections through internal proxy servers
- Connecting to your company directories
- Connecting to an SMTP server to send email notifications
- Configuring database mirroring
- Connecting BlackBerry UEM to Microsoft Azure
- Enable access to the BlackBerry Web Services over the BlackBerry Infrastructure
- Obtaining an APNs certificate to manage iOS and macOS devices
- Configuring BlackBerry UEM for DEP
- Configuring BlackBerry UEM to support Android Enterprise devices
- Simplifying Windows 10 activations
- Migrating users, devices, groups, and other data from a source server
- Prerequisites: Migrating users, devices, groups, and other data from a source server
- Connect to a source server
- Considerations: Migrating IT policies, profiles, and groups from a source server
- Migrate IT policies, profiles, and groups from a source server
- Complete policy and profile migration from Good Control to BlackBerry UEM
- Considerations: Migrating users from a source server
- Migrate users from a source server
- Considerations: Migrating devices from a source server
- Migrate devices from a source server
- Migrating DEP devices
- Configuring BlackBerry UEM to support BlackBerry Dynamics apps
- Manage BlackBerry Proxy clusters
- Configure Direct Connect using port forwarding
- Configure BlackBerry Dynamics properties
- Configure communication settings for BlackBerry Dynamics apps
- Configuring Kerberos for BlackBerry Dynamics apps
- Integrating BlackBerry UEM with Cisco ISE
- Requirements: Integrating BlackBerry UEM with Cisco ISE
- Create an administrator account that Cisco ISE can use
- Add the BlackBerry Web Services certificate to the Cisco ISE certificate store
- Connect BlackBerry UEM to Cisco ISE
- Example: Authorization policy rules for BlackBerry UEM
- Managing network access and device controls using Cisco ISE
- BlackBerry Docs
- BlackBerry UEM 12.11
- Installation and Configuration
- Configuration
- Configure constrained delegation for the Microsoft Active Directory account to support single sign-on
Configure constrained delegation for the Microsoft Active
Directory account to support single sign-on
Microsoft Active
Directory
account to support single sign-onTo support single sign-on for
BlackBerry UEM
, you must configure constrained delegation for the Microsoft Active
Directory
account that BlackBerry UEM
uses for the directory connection. Constrained delegation allows browsers to authenticate with BlackBerry UEM
on behalf of administrators or users when they access the management console or BlackBerry UEM Self-Service
.- Use theWindows ServerADSI Edit tool or setspn command-line tool to add the following SPNs forBlackBerry UEMto theMicrosoft Active Directoryaccount:
- HTTP/<host_FQDN_or_pool_name>(for example, HTTP/domain123.example.com)
- BASPLUGIN111/<host_FQDN_or_pool_name>(for example, BASPLUGIN111/domain123.example.com)
If you configured high availability for the management consoles in aBlackBerry UEMdomain, specify the pool name. Otherwise, specify the FQDN of the computer that hosts the management console.Verify that no other accounts in theMicrosoft Active Directoryforest have the same SPNs. - OpenMicrosoft Active Directory Users and Computers.
- In theMicrosoft Active Directoryaccount properties, on theDelegationtab, select the following options:
- Trust this user for delegation to specified services only
- UseKerberosonly
- Add the SPNs from step 1 to the list of services.