Wednesday, May 05, 2010

Update: Extend your Corporate Active Directory Boundary to your BlackBerry!

I blogged earlier on this topic here. Now that Research In Motion's WES 2010 conference is over, the slides from the session are available here. In a nutshell, the benefit of the Quest/RIM partnership is all about extending single sign-on capabilities to BlackBerry® phone users and BlackBerry administrators. Here are some of the details:
  • Use Active Directory for authentication of your BlackBerry phone and achieve single sign-on
  • Authenticate to AD using your BlackBerry phone to become a trusted network user
  • End-to-end authentication between users and backend services without logging in from your BlackBerry phone
  • Single sign-on is enabled for BlackBerry Enterprise Server administrators when they access the BES console
All of this was enabled through the use of Quest Single Sign-on for Java. One of the key benefits of using Quest Single Sign-on for Java is our support of Microsoft’s Kerberos extensions (S4U2Proxy & S4U2Self). These extensions enable the BES server to obtain a Kerberos ticket on behalf of the end user. This means that all security, such as when you access an application via the BlackBerry, occurs in the context of the end user. So what’s the end result?
  1. BES administrators will have single sign-on enabled to the BES console. No need to enter their credentials.
  2. BlackBerry users will have single sign-on enabled to internal corporate resources via their phone’s browser. No need to enter their credentials.
Cool stuff!
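The S4U2Self/S4U2Proxy delegation described above depends on how the service account is configured in Active Directory; the following is an added example (not from the original post, Quest or RIM) that audits those settings over constructed directory entries. Account names, SPNs and the approved-target list are hypothetical; the userAccountControl flag values and the msDS-AllowedToDelegateTo and adminCount attributes are the standard AD ones.

```python
# userAccountControl bits that govern Kerberos delegation
TRUSTED_FOR_DELEGATION = 0x00080000          # unconstrained delegation
NOT_DELEGATED = 0x00100000                   # "sensitive and cannot be delegated"
TRUSTED_TO_AUTH_FOR_DELEGATION = 0x01000000  # protocol transition (S4U2Self)
NORMAL = 0x200

# Constructed sample entries, shaped like an LDAP export (all names hypothetical)
ACCOUNTS = [
    {"sAMAccountName": "svc-bes", "userAccountControl": NORMAL | TRUSTED_TO_AUTH_FOR_DELEGATION,
     "msDS-AllowedToDelegateTo": ["HTTP/intranet.example.test", "HTTP/wiki.example.test"]},
    {"sAMAccountName": "svc-legacy", "userAccountControl": NORMAL | TRUSTED_FOR_DELEGATION},
    {"sAMAccountName": "svc-report", "userAccountControl": NORMAL | TRUSTED_TO_AUTH_FOR_DELEGATION,
     "msDS-AllowedToDelegateTo": ["HTTP/intranet.example.test", "cifs/files.example.test"]},
    {"sAMAccountName": "adm-alice", "userAccountControl": NORMAL, "adminCount": 1},
    {"sAMAccountName": "adm-bob", "userAccountControl": NORMAL | NOT_DELEGATED, "adminCount": 1},
]

# Hypothetical change-controlled allowlist: service account -> SPNs it may delegate to
APPROVED = {
    "svc-bes": ["HTTP/intranet.example.test", "HTTP/wiki.example.test"],
    "svc-report": ["HTTP/intranet.example.test"],
}

def audit_delegation(accounts, approved_spns):
    """Return (account, issue, detail) tuples for risky delegation settings."""
    findings = []
    for acct in accounts:
        name = acct["sAMAccountName"]
        uac = acct.get("userAccountControl", 0)
        targets = {s.lower() for s in acct.get("msDS-AllowedToDelegateTo", [])}
        allowed = {s.lower() for s in approved_spns.get(name, ())}
        if uac & TRUSTED_FOR_DELEGATION:
            # Service may act as the user toward any service, not a fixed list
            findings.append((name, "unconstrained-delegation", ""))
        if uac & TRUSTED_TO_AUTH_FOR_DELEGATION and name not in approved_spns:
            findings.append((name, "unapproved-protocol-transition", ""))
        for spn in sorted(targets - allowed):
            # S4U2Proxy target that nobody signed off on
            findings.append((name, "unapproved-delegation-target", spn))
        if acct.get("adminCount") == 1 and not (uac & NOT_DELEGATED):
            # Privileged user whose identity a delegating service could assume
            findings.append((name, "privileged-user-delegable", ""))
    return findings

if __name__ == "__main__":
    for finding in audit_delegation(ACCOUNTS, APPROVED):
        print(finding)
```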