UEM Authentication Delegate Configuration

From iDENprotect Knowledge Base
Jump to: navigation, search

Introduction

When users get enrolled with the idenprotect Core Platform, there are a number of possible use cases. One of those use cases is to use an idenprotect For Mobile application as an authentication delegate for BlackBerry Dynamics. If this is the use case you are planning to use, you will also need to ensure that you have configured one (or more) UEM servers.

This article discusses how to set idenprotect as an authentication delegate, For other information about the UEM configuration, please see our UEM Guide

The Authentication Delegate is the application responsible for authenticating the user to the BlackBerry Runtime. This means that whenever the user accesses a BlackBerry Application, the application delegate will be opened and be required to authenticate the user. In the case of idenprotect, this authentication is usually achieved via biometric authentication.


Setting the Authentication Delegate

The authentication delegate configuration is set under the Policies and Profiles->Blackberry Dynamics option on the UEM Admin Console.

Under this option, you can create and edit a range of Blackberry Dynamics profiles and assign these profiles to user or groups.

You can select the Profile that you want to use idenprotect as Authentication Delegate and select the Edit option

Then under the Authentication Delegate section, you can edit the Authentication Delegate Options.

UEMAuthDelegate.png

It is possible to set a number of authentication delegates.

For testing and migration, it is acceptable to have both UEM Client and idenprotect acting as Authentication Delegate (with idenprotect being the primary).

For production, it is recommended that idenprotect is the only Authentication Delegate. This is to prevent the user uninstalling idenprotect to by-pass its authentication. However, this can be also prevented by other IT policy elements