Setting up single sign-on authentication for devices

Using a single sign-on profile, you can enable

BlackBerry 10

devices and certain

iOS

devices to authenticate automatically with domains and web services in your organization’s network. After you assign a single sign-on profile, the user is prompted for a username and password the first time they try to access a secure domain that you specified. The login information is saved on the user’s device and used automatically when the user tries to access any of the secure domains specified in the profile. When the user changes the password, the user is prompted the next time they try to access a secure domain.

For devices running

iOS

(or iPadOS) 13 or later, you must use a single sign-on extension profile to enable the devices to authenticate automatically with domains and web services in your organization's network.

You can also use a single sign-on profile to specify trusted domains for certificates that you send to

BlackBerry 10

devices using a SCEP profile. Once you specify trusted domains,

BlackBerry 10

users can select the required certificates when they access a trusted domain.

Single sign-on profiles support the following authentication types:

Authentication type	Device OS	Applies to
Kerberos	iOS	Browser and apps Can restrict which apps can use the profile
Kerberos	BlackBerry 10	Browser and apps in the work space
NTLM specify trusted domains for SCEP certificates	BlackBerry 10	Browser and apps in the work space

BlackBerry Dynamics

apps also support

Kerberos

authentication. For more information, see Configuring

Prerequisites: Using Kerberos authentication for devices

Certificate-based authentication for iOS devices

Create a single sign-on profile

Create a single sign-on extension profile