Skip Navigation
  1. BlackBerry Docs
  2. BlackBerry UEM 12.12
  3. Administration
  4. Securing network connections
  5. Setting up single sign-on authentication for devices
  6. Create a single sign-on profile

Create a single sign-on profile

Single sign-on profiles are supported for 
BlackBerry 10
 and 
iOS
 devices. To set up single sign-on authentication for 
BlackBerry Dynamics
 apps, see Configuring Kerberos for BlackBerry Dynamics apps
  • If you want to configure 
    Kerberos
     authentication for 
    BlackBerry 10
     devices, locate your organization’s 
    Kerberos
     configuration file (krb5.conf).
  • If you want to use certificate-based authentication for 
    iOS
     devices, create the necessary shared certificate profile or SCEP profile.
  1. On the menu bar, click 
    Policies and Profiles
    .
  2. Click 
    Networks and connections > Single sign-on
    .
  3. Click The Add icon.
  4. Type a name and description for the profile.
  5. Perform any of the following tasks:
    Task
    Steps
    Configure 
    Kerberos
     authentication for 
    iOS
     devices
    1. Click the 
      iOS
       tab.
    2. Under 
      Kerberos
      , click The add icon.
    3. In the 
      Name
       field, type a name for the configuration.
    4. In the 
      Principal name
       field, type the name of the 
      Kerberos
       Principal, using the format 
      <primary>
      /
      <instance>
      @
      <realm>
       (for example, 
      user/admin@blackberry.example.com
      ).
    5. In the 
      Realm
       field, type the 
      Kerberos
       realm in uppercase letters (for example, 
      EXAMPLE.COM
      ).
    6. In the 
      URL prefixes
       field, type the URL prefix for the sites that you want devices to authenticate with. The prefix must begin with http:// or https://, and can include wildcard values (*) (for example, 
      https://www.blackberry.example.com/*
      ).
    7. To specify more URL prefixes, click The add icon to add more fields.
    8. If you want to limit the configuration to specific apps, click The add icon beside 
      App identifiers
      . Type the app bundle ID. You can use a wildcard value (*) to match the ID to multiple apps. (for example, 
      com.company.*
      ). 
    9. To specify more app identifiers, click The add icon to add more fields.
    10. If you want 
      iOS
       devices to use certificate-based authentication, in the 
      Credentials
       drop-down list, click 
      Certificate
      SCEP
      , or 
      User credential
      . In the certificate drop-down list, click the certificate profile that you want to use.
    11. Click 
      Add
      .
    12. If necessary, repeat steps 2 to 11 to add another 
      Kerberos
       configuration.
    Configure 
    Kerberos
     authentication for 
    BlackBerry 10
     devices
    1. Click the 
      BlackBerry
       tab.
    2. Click 
      Browse
      . Navigate to and select your organization’s 
      Kerberos
       configuration file (krb5.conf).
    Configure NTLM authentication or trusted domains for SCEP certificates for 
    BlackBerry 10
     devices
    1. Click the 
      BlackBerry
       tab.
    2. Under 
      Trusted domains
      , click The add icon.
    3. In the 
      Name
       field, type a name for the configuration.
    4. In the 
      Domain
       field, type a trusted subdomain or individual host where the domain credentials can be used to authenticate automatically. Type the server name as an FQDN, hostname, alias, or IP address. DNS names can contain wildcards (*).
    5. To specify more subdomains, click The add icon to add more fields.
    6. Click 
      Add
      .
    7. If necessary, repeat steps 2 to 6 to add another trusted domain.
  6. Click 
    Add
    .
If necessary, rank profiles.