I am developing an iOS app that is enrolled to the company's iOS devices via BlackBerry UEM. The app needs to access a client certificate that is also enrolled via BlackBerry UEM.
How can the app access these certificates, given that under iOS an app only has access to its own Keychain?
Do I have to use the BlackBerry Dynamics SDK? The BlackBerry administrator told me the app is running outside the Dynamics container, and I want to avoid linking against the SDK.
I tried to read the certificates installed via BlackBerry UEM using SecItemCopyMatching queries, but cannot access them.
Please tell me if accessing them is possible, with or without the BlackBerry Dynamics SDK.
Based on the info in your post, it appears that your iOS devices have an MDM (mobile device management) profile and you are leveraging that to deploy a non-Dynamics native iOS application to your devices. BlackBerry Dynamics is a fully self-contained MAM (mobile application management) platform which does not require MDM, so it works the same with or without MDM, thus its heavy usage in BYOD deployments. The use of MDM with Dynamics is at the discretion of an organization, with many applying MDM only to their corporate-owned devices.
With default settings, when pushing client certificates via UEM for use by Dynamics apps, including Work (enterprise email) and Access (enterprise browser), these are stored in the Dynamics certificate store, which is secured via software by the Dynamics runtime. It is possible within UEM options to have the certificates stored in the iOS keystore, but this is usually for special use cases. Even for those customers who do want to leverage the iOS key store for the certificate storage, I am not sure a non-Dynamics application would even be able to leverage those certs, based on the iOS-enforced access rules.
So yes, the recommendation would be to use the BlackBerry Dynamics SDK. As your administrator has advised, you are running outside of the Dynamics container and thus currently have no access to any Dynamics capabilities.
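A diagnostic for the kind of SecItemCopyMatching query the question mentions, added here as an example and not code from either poster: it enumerates every identity (certificate plus private key) the calling app is allowed to see, so an empty result means nothing is readable from the app's own keychain access groups. The names `visibleIdentitySubjects` and `KeychainQueryError` are hypothetical.

```swift
import Foundation
import Security

// Added example, not from the thread. Names are hypothetical.
struct KeychainQueryError: Error {
    let status: OSStatus
    let message: String
}

/// Returns the subject summaries of all identities visible to this app.
/// An empty array means the keychain returned errSecItemNotFound, i.e.
/// no identity exists in any access group this app is entitled to.
func visibleIdentitySubjects() throws -> [String] {
    let query: [String: Any] = [
        kSecClass as String: kSecClassIdentity,       // cert + private key pairs
        kSecMatchLimit as String: kSecMatchLimitAll,  // do not stop at the first hit
        kSecReturnRef as String: true                 // return SecIdentity references
    ]

    var result: CFTypeRef?
    let status = SecItemCopyMatching(query as CFDictionary, &result)

    // "Not found" is the expected outcome when nothing is shared with the app.
    if status == errSecItemNotFound { return [] }

    guard status == errSecSuccess else {
        let text = SecCopyErrorMessageString(status, nil) as String? ?? "unknown error"
        throw KeychainQueryError(status: status, message: text)
    }

    guard let items = result as? [AnyObject] else { return [] }

    var subjects: [String] = []
    for item in items {
        let identity = item as! SecIdentity  // CF cast; the query only returns identities
        var certificate: SecCertificate?
        guard SecIdentityCopyCertificate(identity, &certificate) == errSecSuccess,
              let cert = certificate else { continue }
        let summary = SecCertificateCopySubjectSummary(cert) as String?
        subjects.append(summary ?? "<no subject summary>")
    }
    return subjects
}
```

Logging the thrown `status` separately from the empty-array case distinguishes an entitlement or query error from a keychain that simply holds no identity the app may read.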