BlackBerry Access app configuration settings
BlackBerry Access
app configuration settingsGeneral
Setting | Supported OS | Description |
---|---|---|
Homepage | Android iOS Windows macOS | This setting specifies the URL for the website that you want to appear as the home screen when users start BlackBerry Access .The URL must begin with "http://" or "https://". |
Allow user to set home page | Windows macOS | This setting specifies whether users can set their own home pages in BlackBerry Access . |
Allow telephone and maps URL | Android iOS Windows macOS | This setting specifies whether users can access telephone and map URLs in BlackBerry Access . |
Allow telephone only | Android iOS | This setting specifies whether users can access telephone URLs only. |
Allow maps only | Android iOS | This setting specifies whether users can access map URLs only. |
Identify BlackBerry Access in User Agent | iOS | This setting specifies whether BlackBerry Access can send its user agent string to servers hosting websites that users visit. The user agent string identifies BlackBerry Access in the HTTP request headers.Servers use the information in the user agent string to provide content tailored to BlackBerry Access . |
Allow phone number to dial using entitled and installed Dynamics VOIP apps | Android iOS | This setting specifies whether users can make phone calls using a third-party phone call service such as CellTrust. |
Enable pop-up windows | Android iOS Windows macOS | This setting specifies whether BlackBerry Access allows pop-up windows.Disabling pop-up windows may cause issues with applications such as Microsoft
Exchange , that open pop-up windows for tasks like composing new email messages. If you disable this setting, when an app tries to open a pop-up window, BlackBerry Access displays a message that pop-up windows are blocked. |
Allow other applications to open urls in full screen mode | iOS | This setting specifies whether apps can open in full screen mode by default. |
Allow import of bookmarks from Safari or Firefox | Android Windows macOS | This setting specifies whether users can import bookmarks that they export from other browsers into BlackBerry Access . |
Push Bookmarks | Android iOS Windows macOS | This setting specifies bookmarks that will be preloaded in BlackBerry Access to make it easier for users to access work intranet webpages.You can copy and paste the text of your bookmarks file directly into this text box. The bookmarks must follow the Netscape bookmark file format. For more information, see https://gist.github.com/jgarber623/cdc8e2fa1cbcb6889872. |
Enable web clip feature | iOS | This setting specifies whether users can use web clips. Web clips are small icons on mobile devices that link to webpages. |
Allow users to perform app diagnostics | Android iOS | This setting specifies whether users can perform app diagnostics for BlackBerry Access . If this setting is selected, the “Run Diagnostics” option appears in the BlackBerry Access settings menu on users’ devices. |
Enable APK installation (Android only) | Android | This setting specifies whether users can download and install .apk files. |
Allow external apps to open HTTP/HTTPS URLs through BlackBerry Access | Android iOS | This setting specifies whether third-party apps on the device can open webpages in BlackBerry Access .For BlackBerry Access for iOS , links in third-party, non-BlackBerry
Dynamics apps can open in BlackBerry Access only if they launch with the following URL scheme: access://open?url= (for example, access://open?url=http://www.blackberry.com ) |
Do not allow download from any HTTP or HTTPS site you have not approved by whitelisting it in BlackBerry Control | Android iOS | This setting specifies whether BlackBerry Access users can download content from HTTP or HTTPS webpages even if they haven't been added to an allowed list. |
Do not allow download from any HTTPS site you have not approved by whitelisting it in BlackBerry Control | Android iOS | This setting specifies whether BlackBerry Access users can download content from HTTPS webpages even if they haven't been added to an allowed list. |
Enable export of downloaded files to OS file system (Windows and Mac) | Windows macOS | This setting specifies whether BlackBerry Work users can download files directly to their device's default download folder, instead of the BlackBerry
Dynamics secure container.Note that allowing users to bypass the secure container is a potential security risk. |
Enable import of files from OS file system ( Windows and Mac ) | Windows macOS | This setting specifies whether BlackBerry Work users can attach files that aren't in the BlackBerry
Dynamics secure container. |
Enable Direct Downloads ( Windows and Mac ) | Windows macOS | This setting specifies whether BlackBerry Work users can download attachments in email messages directly to the device's file system, instead of into the Download Manager in the BlackBerry Dynamics Launcher . |
Disable BlackBerry Work (Windows and Mac ) | Windows macOS | This setting specifies whether users can use BlackBerry Work . |
Open HTML files from other BlackBerry
Dynamics applications | Android iOS | This setting specifies whether BlackBerry Access can open HTML files from other BlackBerry
Dynamics apps. |
Enable Geolocation | Android iOS | This setting specifies whether BlackBerry Access users can allow webpages to access their device's location. |
Enable 3rd-Party Applications | Android iOS Windows macOS | This setting specifies whether BlackBerry Access can open custom URL schemes supported by third-party apps. By default, BlackBerry Access opens only HTTP and HTTPS URL schemes.If you select this setting, you must also set the "Enter comma separated URL schemes" setting.
Each URL string must be mapped as yourstring ://your.URL.string wbx:// . In Access, the user would click on the anchor tag <a href="wbx://blackberry.webex.com">wbx://blackberry.webex.com</a> to open the local Webex app and pass the string yourcompany.webex.com to the app.yourcompany .webex.com |
Enter comma-separated URL schemes | Android iOS Windows macOS | This setting specifies the custom URL schemes that BlackBerry Access can open.The list must be separated by commas. For example, itms-services,market,wbx,lync, where "itms-services" is App Store , "market" is Google
Play , "watchdox" is BlackBerry Workspaces , "wbx" is WebEx , and "lync" is Microsoft Lync
Server .This setting is valid only if the "Enable 3rd-Party Applications" setting is selected. |
Enter JSON for search engine titles and URLs | Android iOS Windows macOS | This setting specifies search engine links that are added to the end of users' search results for bookmarks, history, or downloads. They provide users with easier access to search engines when they perform searches. In the text box, specify the search engine labels to show in BlackBerry Access such as Google and the corresponding search engine URLs. The text must be in .json format and each entry must end with [[GASEARCHKEY]]. For example:[ { "Google" : "https://www.google.com/search?q=[[GASEARCHKEY]]"}, { "Yahoo" : "https://search.yahoo.com/search?p=[[GASEARCHKEY]]"}, { "Bing" : "http://www.bing.com/search?q=[[GASEARCHKEY]]"} ] |
Enable QR Code scanning | Android iOS | This setting specifies whether users can scan a QR code. |
Allow universal links to external apps from BlackBerry Access (iOS only) | iOS | This setting allows BlackBerry Access to open universal links to external apps, |
To force policy update to device, enter current date and time and click update | Android iOS Windows macOS | This setting allows you to send the updated app settings to devices. It also refreshes PAC files. Enter the current date and time, in either 24-hour format or 12-hour format (for example, 02-16-2021 12:04AM in 12-hour format and 02-16-2021 0004 in 24-hour format) and click Update . |
Security
Setting | Supported OS | Description |
---|---|---|
Allow SHA1 leaf or intermediate certificates | Android iOS | This setting specifies whether BlackBerry Access users can access https websites that use SHA1 signature TLS certificates and expired certificates. By default, this setting is selected. |
Allow legacy/weak algorithms (DES) | Android iOS | This setting specifies whether BlackBerry Access can use 3DES algorithms. |
Allow user to securely save authentication credentials | Android iOS Windows macOS | This setting specifies whether BlackBerry Access users can save their authentication credentials that they use to access webpages.
BlackBerry Access supports saving only NTLM or Kerberos authentication credentials. Passwords entered into web forms are not saved even if this setting is enabled. |
Expire stored credentials after | Android iOS Windows macOS | This setting specifies when the stored user credentials expire. You can choose between "'Never Expire" or "24 Hrs." This setting is valid only if the "Allow user to securely save authentication credentials" setting is selected. |
Allow to save web form credentials and credentials autofill | Android iOS | This setting specifies if a user can automatically fill fields with saved passwords and credentials. |
Alert user for invalid or expired certificate | Android iOS Windows macOS | This setting specifies whether users will be notified when certificates are invalid or expired. |
Enforce strict tunnel | Android iOS Windows macOS | This setting specifies whether BlackBerry Access can use only IP addresses and URLs listed in Connectivity profiles. If an IP address or a URL is explicitly defined to route DIRECT, the site is allowed and routes DIRECT. External sites that are not explicitly defined in the Connectivity profile are blocked. However, if the default route is configured to use a BlackBerry Proxy cluster, all undefined IP addresses and URLs are allowed. If external sites are not allowed, they are blocked. If the default route is set to DIRECT, all sites that are not explicitly allowed are blocked. |
Allow URL not in Allowed Domains of Connectivity Profiles to be loaded in native browser | Android iOS Windows macOS | This setting determines whether webpages from domains that aren't listed in the "Allowed Domains" section of the Connectivity profiles, will open in the user's native browser instead of BlackBerry Access .This setting is valid only if the "Enforce strict tunnel" setting is selected. |
When user selects apply to all during prompt to open in third-party browser, do not prompt again for all the hosts under same domain. | iOS | When users select “Always open links from “<domain> in Safari“, this setting specifies whether they will be prompted again for any other hosts the user accesses within same domain. This setting is valid only if the "Allow URL not in Allowed Domains of Connectivity Profiles to be loaded in native browser" setting is selected. |
Allow URL not in Allowed Domains of Connectivity Profiles to be loaded in native default browser | iOS | This setting determines whether BlackBerry Access users can access webpages from domains not listed in the “Allowed Domains” section of the Connectivity profiles. If these domains are encountered, they will open in the device’s native browser, which is typically set by the user in the device settings. By default, the native default browser on the device is Safari .
You must inform users that if they want to change the default browser in their device settings, they should avoid selecting “Access” or “BlackBerry Access.” Selecting these options may lead to unexpected behavior. This setting is valid only if the "Enforce strict tunnel" setting is selected. |
Do not prompt client cert authorization for all sites | Android iOS Windows macOS | When a user uploads only one certificate to BlackBerry UEM that matches a recognized CA, selecting this setting allows the webpage requesting authorization to obtain the certificate without prompting the user. If the user has uploaded multiple certificates from the same CA, the user is prompted to select the certificate to use. |
Do not prompt client cert authorization for white listed sites only | Android iOS Windows macOS | When a user uploads only one certificate to BlackBerry UEM that matches a recognized CA, selecting this setting allows all domains listed in the allowed domains portion in Connectivity profiles to obtain the certificate without prompting the user. If the user has uploaded multiple certificates from the same CA, the user is prompted to select the certificate to use. |
List all certificates available to user to choose for client cert authentication | Android iOS | Specify whether all uploaded encryption certificates are displayed when a user attempts to access websites that require a client cert. |
Enable DLP Watermark | Android iOS | This setting specifies whether to add a faint background watermark across all application screens, with the username and the current date and time. |
Prevent Screenshots on iOS | iOS | This setting allows you to prevent screenshots of BlackBerry Access from being taken on an iOS device. |
Allow SameSite cookies feature and associated restrictions. | iOS | This setting specifies whether to allow SameSite cookies. Some legacy websites may not function properly when this setting is enabled. |
Force authenticate using NTLM over Kerberos when NTLM authentication is possible to access resources. | Android iOS | This setting specifies whether to force authentication using NTML over Kerberos .This policy is not applied when the FIPS policy is enabled. If the NTLM override policy is enabled, BlackBerry Access will force NTLM authentication, if the website is configured to use Kerberos/KCD and NTLM. Use this setting only if Kerberos authentication is not available. This setting disables Kerberos to improve performance by preventing extra network roundtrips and timeouts to an unreachable KDC. |
Allow MDM web content restrictions | iOS | This setting allows you to turn off MDM content filter rules that are configured for Safari in BlackBerry Access . |
Enable biometric authentication while reusing saved credentials | iOS | Enable biometric authentication while reusing saved credentials. |
Allow JavaScript to clear credentials | Android iOS | Web developers can use a JavaScript API to clear credential storage when a user logs out of their account on a web page. If you are using the API, when you select this option, you then specify which domains or hosts the policy should apply to. You can add up to 10 domains. When you enable this feature, users will be prompted for credentials on their next login. |
Network
Setting | Supported OS | Description |
---|---|---|
Enter comma-separated Kerberos realm mappings e.g.: foo=FOO. COMPANY.COM | Android iOS Windows macOS | This setting specifies Kerberos realm mappings. Kerberos authentication realms define areas that are under control of Kerberos . These mappings allow you to equate realm names with other names that are accessible or for some other reason.The limit is 4000 characters. |
Enable Kerberos Forwardable Ticket | Android iOS | This setting specifies whether Kerberos Forwardable tickets can be used.Forwardable tickets in Kerberos are client-side authentication credentials that are tied to a particular IP address that can be treated as new tickets with other IP addresses. |
Resolve short names to fully qualified domain name (FQDN) for Kerberos authentication | Android iOS Windows macOS | This setting specifies whether users can reach servers by typing the unqualified domain name instead of the FQDN for Kerberos authentication.Enabling this setting may impact performance. |
Disable file upload and download on mobile connections (Windows Only) | Windows | This setting specifies whether files can be downloaded or uploaded when users are connected to a mobile network instead of a Wi-Fi network. |
Enable HTTP 2.0 Support | Android iOS | This setting specifies whether HTTP 2.0 is supported in BlackBerry Access . |
Enable Web Proxy | Android iOS Windows macOS | This setting specifies whether BlackBerry Access can communicate through a web proxy server. |
Use Proxy Auto Configuration | Android iOS Windows macOS | PAC files make it easier for users to work with proxy servers by hiding the complexities of authentication from the end user. If your organization uses a PAC file to define proxy rules, you can select this setting to use the proxy server settings from the PAC file that you specify. Enabling this setting will override static web proxy settings. This setting requires BlackBerry
Dynamics servers version 1.6 and later.This setting is valid only if the "Enable Web Proxy" setting is selected. |
Enter URL for PAC file location | Android iOS Windows macOS | This setting specifies the URL for the web server that hosts the PAC file, including the PAC file name. For example, http://www.example.com/PACfile.pac. The PAC file must not be hosted on the same server as BlackBerry UEM or any of its components. This configuration is not supported.The limit is 4000 characters. This setting is valid only if the "Enable Web Proxy" and "Use Proxy Auto Configuration" settings are selected. |
Use Static Web Proxy (Full Tunnel) | Android iOS Windows macOS | This setting specifies whether communications are enabled through a single web proxy service only. This setting is valid only if the "Enable Web Proxy" setting is selected. Enabling this setting overrides 'Enforce strict tunnel' settings.
|
Proxy Host | Android iOS Windows macOS | This setting specifies the the FQDN or IP address of the proxy server. This setting is valid only if the "Use Static Web Proxy (Full Tunnel)" setting is selected. |
Proxy Port | Android iOS Windows macOS | This setting specifies the port number of the proxy server. This setting is valid only if the "Use Static Web Proxy (Full Tunnel)" setting is selected. |
Use HTTPS web proxy tunnel for above host | Android iOS Windows macOS | The HTTPS proxy can be specified either as a static proxy or through PAC:
|
Enable PAC proxy check for all the sub-resources | Android iOS Windows macOS | You can use this setting to enforce PAC processing without caching. Selecting this setting has an impact on the performance of your organization’s environment. It is recommended to use this feature for special circumstances only. |
RSA
Setting | Supported OS | Description |
---|---|---|
Enable RSA
SecurID | Android iOS | This setting specifies whether users can use RSA
SecurID token authentication to authenticate with BlackBerry Access , instead of a password. |
Prompt PIN for PINPAD Token | Android iOS | This setting specifies whether users are always prompted for an RSA
SecurID PIN.This setting is valid only if the "Enable RSA SecurID" setting is selected. |
Token File Password Retry Count | Android iOS | This setting specifies the number of times that a user can enter an incorrect RSA
SecurID PIN before they are locked out.This setting is valid only if the "Enable RSA SecurID" setting is selected. |
Token Request SendTo Email Address | Android iOS | This setting specifies the email address of your RSA authentication manager. All RSA
SecurID token seed record requests are sent to this address.This setting is valid only if the "Enable RSA SecurID" setting is selected. |
Token Request CC Email Address | Android iOS | This setting specifies the email address that should be CC'd for all RSA
SecurID token seed record requests.This setting is valid only if the "Enable RSA
SecurID " setting is selected. |
Token Request Email Subject | Android iOS | This setting specifies the email subject for token request emails. This setting is valid only if the "Enable RSA
SecurID " setting is selected. |
Features
Setting | Supported OS | Description |
---|---|---|
Allow user to upload | Android iOS | This setting specifies whether users can upload files to web pages in BlackBerry Access . Files can have a maximum size of 20 MB. |
Allow user to take new photos/videos and upload | Android iOS | This setting specifies whether users can take photos and videos and upload the photos and videos to a web page. Users must allow BlackBerry Access to access their cameras. Files can have a maximum size of 20 MB. |
Allow user to select existing photos/videos to upload | Android iOS | This setting specifies whether users can upload existing photos and videos from their photo libraries to a web page. Files can have a maximum size of 20 MB. |
Allow user to select files from file providers to upload | Android iOS | This setting specifies whether users can upload files from other file apps. Files can have a maximum size of 20 MB. |
Allow user to upload files from the Dynamics container | Android iOS | This setting specifies whether users can upload files that have been downloaded to the downloads folder in BlackBerry Access . |
Allow WebRTC | Android iOS | This setting turns on the use of WebRTC, which provides microphone and camera support required by services such as Zoom and WebEx .WebRTC traffic is not routed through the BlackBerry Dynamics secure tunnel regardless of the network connectivity profile settings. WebRTC traffic goes direct to the internet. Also, Connectivity profile settings do not apply to WebRTC traffic. |
Enable exporting to 3rd-party native apps | Android iOS | Select the "Enable exporting to 3rd-party native apps" option to specify whether to allow the transfer of files to third-party native apps on the user's device. You can allow and disallow specific apps by app ID. By default, this setting is not selected. Consider the following scenarios when you enable this feature to allow or block exporting to 3rd-party native apps:
This policy is not applied when the CylanceAVERT policy "Do not allow copying data from BlackBerry
Dynamics apps into non BlackBerry Dynamics apps" option is selected in the BlackBerry
Dynamics profile. For more information about the BlackBerry
Dynamics profile, see the Managing BlackBerry Dynamics apps content. |
BlackBerry Work (Mac and Win)
BlackBerry Work
(Mac and Win)Setting | Supported OS | Description |
---|---|---|
Launch mail app on browser start | Windows macOS | This setting specifies whether the mail app opens instead of a browser window when BlackBerry Access starts. |
Enable avatar photos | Windows macOS | This setting specifies whether users can set avatar photos. If it is disabled, the user's initials appear instead. |
EWS server | Windows macOS | Optionally, you can use this setting to specify the URL that the mail app uses for Microsoft Exchange Web
Services provisioning. Otherwise, BlackBerry Work uses autodiscovery methods to locate the EWS server.Optionally, you can enter a series of name=value pairs separated by commas, where the name designates an email domain and the value designates the URL for the EWS endpoint for that domain. Using this method, administrators can assign multiple users with different EWS endpoints to the same application policy and be able to control where the mail app accesses mail, based on the user’s email domain. For example:
BlackBerry Access does not validate the entries. All related logs are prefixed by [WEB_MAIL] EWS URL Resolution: at the INFO log level. |
Enable KCD or PKNIT Support | Windows macOS | This setting specifies whether the mail app can use Kerberos constrained delegation. |
Use client certificate in place of login/password | Windows macOS | This setting specifies whether users can use SSL certificates instead of using a login and password to authenticate with BlackBerry Work . SSL certificates must be uploaded to BlackBerry UEM . For more information, see Managing certificates. |
Disable Notifications | Windows macOS | This setting specifies whether BlackBerry Work displays notifications for mail and calendar events. |
Enable email Classification Markings | Windows macOS | This setting specifies whether to enable email classification markings, such as INTERNAL, CONFIDENTIAL, NO FORWARD, and/or NO REPLY. If selected, specify the following sample information in the Classifications and caveats field as required:
|
Require all emails to have Email Classification | Windows macOS | This setting specifies whether users are required to specify one of the classification options that are set in the 'Enable email Classification Markings' policy xml file. This setting is valid only if the "Enable email Classification Markings" setting is selected. |
Display warning while sending message if recipient's email domain is unauthorized | Windows macOS | This setting specifies whether to display a warning if the user is sending an email to a recipient in an email domain that is not authorized. If selected, specify email domains you want to authorize in the Authorize email domains field. Users will notice that email addresses in untrusted domains appear in purple text. |
Default signing algorithm | Windows macOS | This setting specifies the algorithm to use for signing sent messages. |
Default encryption algorithm | Windows macOS | This setting specifies the algorithm to use for encrypting sent messages. |
Enable Revocation Checking | Windows macOS | This setting allows you to set revocation checking of all certificates used for signing/encryption and signing verification/decryption of S/MIME messages.
|
Use Office
365 Modern Authentication | Windows macOS | This setting allows you to configure options for Microsoft 365 . Modern authentication enables BlackBerry Work to us sign-in features such as Multi-Factor Authentication and SAML-based third-party Identity Providers. If selected, specify the following:
|
BlackBerry Access (Mac and Win)
BlackBerry Access
(Mac and Win)Setting | Supported OS | Description |
---|---|---|
Enable WebRTC | Windows macOS | This setting specifies whether to enable access to WebRTC protocol-based destinations such as Citrix VDI browser-based access.For information on how to configure BlackBerry Access to support WebRTC, see Configure access to WebRTC-based destinations. |
Enable Microphone Access | Windows macOS | This setting specifies whether BlackBerry Access should display a prompt that allows users to permit websites to use the device's microphone. You can enable it only if WebRTC is enabled. |
Enable Camera Access | Windows macOS | This setting specifies whether BlackBerry Access should display a prompt that allows users to permit websites to use the device's camera. You can enable it only if WebRTC is enabled. |
Enable UDP Protocol support | Windows macOS | This setting specifies whether to allow UDP connections initiated by websites. |
Enable Printing | Windows macOS | This setting specifies whether to allow users to print web pages. |
Enable embedded PDF viewer | Windows macOS | This setting specifies whether to allow users to view embedded PDFs from within BlackBerry Access . |
Automatically open PDF and Microsoft
Office documents after download | Windows macOS | This setting specifies whether to open PDF and Microsoft
Office documents automatically after they are downloaded. |
Enable Microsoft
Office URI support | Windows macOS | Only Microsoft
Office URIs that specify online documents are supported. |
Enable Upgrade Notifications | Windows macOS | This setting specifies whether to push notifications to users when a new upgrade is available. If selected, specify the following:
|
Enable Awingu Extension | Windows macOS | This setting specifies whether to enable the Awingu extension which allows users to store their Awingu credentials. Also, when enabled, an icon is added to the toolbar in BlackBerry Access and users can launch Awingu by clicking the icon in the toolbar.If selected, you must specify the following:
|
Enable installation of extensions | Windows macOS | This setting specifies whether to allow websites to download extensions for third-party apps. If selected, in the Permitted Extension Ids field, specify one more more extension IDs that can be installed. The source can be from any URL. WebEx and Skype can be enabled either by adding their extension ids or by adding their protocols to the external protocols list.In the Chrome app store, users can add only apps that have permitted extensions. If an extension is enabled and installed, and the administrator removes its ID, the extension is removed from BlackBerry Access . If the administrator re-adds the extension, the user must restart BlackBerry Access to be able to add the app from the Chrome app store. |
Enable developer mode | Windows macOS | This setting allows you to enable developer mode in BlackBerry Access . |
Policy Overrides For Mobile
These settings allow you to configure separate
BlackBerry Access
app configuration settings for mobile (iOS
and Android
) and desktop (Windows
and macOS
) devices for the same user. When these settings are enabled, the policy choices will override the equivalent policies that are listed in the tables above for iOS
and Android
devices. Setting | Supported OS | Description |
---|---|---|
Enable policy overrides for iOS and Android Access clients only from clients version 3.5.1.x or later | Android iOS | When this setting is enabled, the selected policies in this table will override any equivalent policy settings that are listed in the tables above for iOS and Android devices. |
Alert user for invalid or expired certificate | Android iOS | This setting specifies whether users will be notified when certificates are invalid or expired. |
Enforce strict tunnel | Android iOS | This setting specifies whether BlackBerry Access can use only IP addresses and URLs listed in Connectivity profiles. If an IP address or a URL is explicitly defined to route DIRECT, the site is allowed and routes DIRECT.External sites that are not explicitly defined in the Connectivity profile are blocked. However, if the default route is configured to use a BlackBerry Proxy cluster, all undefined IP addresses and URLs are allowed. If external sites are not allowed, they are blocked. If the default route is set to DIRECT, all sites that are not explicitly allowed are blocked. |
Allow URL not in Allowed Domains of Connectivity Profiles to be loaded in native browser | Android iOS | This setting specifies whether to open webpages from domains that aren't listed in the Connectivity profiles on the device's native browser or BlackBerry Access .This setting is valid only if the "Enforce strict tunnel" setting is selected. |
When user selects apply to all during prompt to open in third party browser, do not prompt again for all the hosts under same domain | Android iOS | This setting specifies whether, when a user selects “Always open links from “<domain> in Safari“, the user will not be prompted again for any other hosts they access within same domain. When users select “Always open links from “<domain> in Safari“, this setting determines if the user will be prompted again for any other hosts they access within same domain. This setting is valid only if the "Allow URL not in Allowed Domains of Connectivity Profiles to be loaded in native browser" setting is selected. |
Allow URL not in Allowed Domains of Connectivity Profiles to be loaded in native default browser | iOS | This setting determines whether webpages from domains not listed in the device’s native browser Connectivity profiles will open in the native browser. By default, the native default browser is Safari . Users also have the option to set a different default browser in their device settings.You must inform users that if they want to change the default browser in their device settings, they should avoid selecting “Access” or “BlackBerry Access.” Selecting these options may lead to unexpected behavior. This setting is valid only if the "Enforce strict tunnel" setting is selected. |
Enable Web Proxy | Android iOS | This setting specifies whether BlackBerry Access can communicate through a web proxy server. |
User Proxy Auto Configuration | Android iOS | PAC files make it easier for users to work with proxy servers by hiding the complexities of authentication from the end user. If your organization uses a PAC file to define proxy rules, you can select this setting to use the proxy server settings from the PAC file that you specify. Enabling this setting will override static web proxy settings. This setting requires BlackBerry
Dynamics servers version 1.6 or later. This setting is valid only if the "Enable Web Proxy" setting is selected. |
Enter URL for PAC file location | Android iOS | This setting specifies the URL for the web server that hosts the PAC file, including the PAC file name (for example, http://www.example.com/PACfile.pac). The PAC file must not be hosted on the same server as BlackBerry UEM , or any of its components. This configuration is not supported.The limit is 4000 characters. This setting is valid only if the "Enable Web Proxy" and "Use Proxy Auto Configuration" settings are selected. |
Enable PAC proxy check for all the sub-resources | Android iOS | You can use this setting to enforce PAC processing without caching. Selecting this setting has an impact on the performance of your organization’s environment. You should use this feature for special circumstances only. |
Use Static Web Proxy | Android iOS | This setting specifies whether communications are enabled only through a single web proxy service. This setting is valid only if the "Enable Web Proxy" setting is selected. Enabling this setting overrides "Enforce strict tunnel" settings. |
Proxy Host | Android iOS | This setting specifies the the FQDN or IP address of the proxy server. This setting is valid only if the "Use Static Web Proxy (Full Tunnel)" setting is selected. |
Proxy Port | Android iOS | This setting specifies the port number of the proxy server. This setting is valid only if the "Use Static Web Proxy (Full Tunnel)" setting is selected. |
Use HTTPS web proxy tunnel for above host | Android iOS | The HTTPS proxy can be specified either as a static proxy or through PAC:
|