Skip Navigation
  1. BlackBerry Docs
  2. BlackBerry UEM 12.12
  3. Planning and Architecture
  4. BlackBerry UEM Cloud Architecture and Data Flows
  5. Data flow: Activating a BlackBerry Dynamics app

Data flow: Activating a 
BlackBerry Dynamics
 app

When users install a 
BlackBerry Dynamics
 app, the app must be activated to enable secure communication between the app and your organization's resources.
If the 
BlackBerry UEM Client
 is installed on the device, 
BlackBerry Dynamics
 apps can be activated with no administrator or user action. If the 
BlackBerry UEM Client
 is not installed, an administrator or user must request that 
BlackBerry UEM Cloud
 generate an access key and send it to the user.
Diagram showing the steps and components mentioned in the following data flow.
  1. An administrator assigns one or more 
    BlackBerry Dynamics
     apps to a user.
  2. The user installs the app on the device.
  3. If the device is not a 
    Samsung Knox Workspace
     device and the 
    BlackBerry UEM Client
     is installed on the device, the 
    BlackBerry Dynamics
     app performs the following actions:
    1. Establishes a secure channel with the 
      BlackBerry UEM Client
       on the device. Data exchanged over the secure channel is encrypted using an AES-CBC cipher.
    2. Asks the 
      BlackBerry UEM Client
       to requests an access key for the new 
      BlackBerry Dynamics
       app. The request includes a randomly generated nonce.
  4. One of the following events occurs:
    • The 
      BlackBerry UEM Client
       sends the access key request and the randomly generated nonce to 
      BlackBerry UEM Cloud
      .
    • If the 
      BlackBerry UEM Client
       is not installed on the device, or if the device uses 
      Samsung Knox Workspace
       and this is the first 
      BlackBerry Dynamics
       app activated, the administrator generates an access key to send to the user or the user logs into 
      BlackBerry UEM Self-Service
       and generates an access key.
    • If the device or 
      Knox Workspace
       already contains an activated 
      BlackBerry Dynamics
       app, the activated app sends an access key request and the randomly generated nonce to 
      BlackBerry UEM Cloud
      .
  5. BlackBerry UEM Cloud
     performs one of the following actions:
    1. Sends the requested access key to the 
      BlackBerry UEM Client
      .
    2. Sends the generated access key to the user in an email message.
  6. The 
    BlackBerry UEM Client
     or the user provides the access key to the 
    BlackBerry Dynamics
     app.
  7. The 
    BlackBerry Dynamics
     app establishes an SSL connection with the 
    BlackBerry Dynamics NOC
     and sends it a hash of the access key.
  8. The 
    BlackBerry Dynamics NOC
     verifies the access key and, if the verification is successful, sends provisioning data, including the master link key and connection information, to the 
    BlackBerry Dynamics
     app.
  9. The 
    BlackBerry Dynamics
     app begins to establish a shared secret with 
    BlackBerry UEM Cloud
     by sending a secure channel setup message to the 
    BlackBerry Dynamics NOC
     over the SSL connection.
    The secure channel setup message contains a user identifier (email address), ephemeral ECDH public key, a salt value, a token, and a MAC of the message to authenticate the sender and guarantee the integrity of the message.
  10. The 
    BlackBerry Dynamics NOC
     forwards the secure channel setup message to 
    BlackBerry UEM Cloud
     over an HTTPS connection.
  11. BlackBerry UEM Cloud
     sends encrypted provisioning data, including the master session key, app configuration data, and, if one or more 
    BlackBerry Connectivity Node
     instances is configured, a list of 
    BlackBerry Proxy
     instances, to the 
    BlackBerry Dynamics
     app to complete the activation.