UEM Authentication Delegate Configuration

From idenprotect Knowledge Base
Revision as of 15:40, 2 January 2020 by GrahamSant (talk | contribs) (Created page with "Category:Step_By_Step Category:IDENprotect_Server __TOC__ = Introduction = When users get enrolled with the iDENprotect<sup>server</sup>, there are a number of possi...")

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search


When users get enrolled with the iDENprotectserver, there are a number of possible use cases. One of those use cases is to use the iDENprotect mobile applications as an authentication delegate for BlackBerry Dynamics. If this is the use case you are planning to use, you will also need to ensure that you have configured one (or more) UEM servers.

This article discusses how to set iDENprotect as an authentication delegate, For other information about the UEM configuration, please see our UEM Guide

The Authentication Delegate is the application responsible for authenticating the user to the BlackBerry Runtime. This means that whenever the user accesses a BlackBerry Application, the application delegate will be opened and be required to authenticate the user. In the case of iDENprotect, this authentication is usually achieved via a biometric authentication.

Setting the Authentication Delegate

The authentication delegate configuration is set under the Policies and Profiles->Blackberry Dynamics option on the UEM Admin Console.

Under this option you can create and edit a range Blackberry Dynamics profiles and assign these profiles to user or groups.

You can select the Profile that you want to use iDENprotect as Authentication Delegate and select the Edit option

Then under the Authentication Delegate section you can edit the Authentication Delegate Options.


It is possible to set a number of authentication delegates.

For testing and migration it is acceptable to have both UEM Client and iDENprotect acting as Authentication Delegate (with iDENprotect being the primary).

For production it is recommnded that iDENprotect is the only Authentication Delegate. This is to prevent the user uninstalling iDENprotect to by-pass its authentication. However this can be also prevented by other IT policy elements