BlackBerry Access app configuration settings Skip Navigation

BlackBerry Access
app configuration settings

General

Setting
Description
Applies to
Homepage
This setting specifies the URL for the website that you want to appear as the home screen when users start
BlackBerry Access
.
The URL must begin with "http://" or "https://".
  • BlackBerry Access for Android
  • BlackBerry Access for iOS
  • BlackBerry Access for Windows
  • BlackBerry Access for macOS
Allow user to set home page
This setting specifies whether users can set their own home pages in
BlackBerry Access
.
  • BlackBerry Access for Windows
  • BlackBerry Access for macOS
Use UIWebView to render web content on devices (only applicable to
iOS
devices 12.0 or earlier)
This setting specifies whether to allow
iOS
12.0 and earlier devices to use UIWebView. The default view is WKWebView.
This setting is not supported in BlackBerry Access version 3.1.0 and later. For more information, see developer.apple.com/news to read "Updating Apps that Use Web Views".
  • BlackBerry Access for iOS
Allow telephone and maps URL
This setting specifies whether users can access telephone and map URLs in
BlackBerry Access
.
  • BlackBerry Access for Android
  • BlackBerry Access for iOS
  • BlackBerry Access for Windows
  • BlackBerry Access for macOS
Allow telephone only
This setting specifies whether users can access telephone URLs only.
  • BlackBerry Access for Android
  • BlackBerry Access for iOS
Allow maps only
This setting specifies whether users can access map URLs only.
  • BlackBerry Access for Android
  • BlackBerry Access for iOS
Identify
BlackBerry Access
in User Agent
This setting specifies whether
BlackBerry Access
can send its user agent string to servers hosting websites that users visit. The user agent string identifies
BlackBerry Access
in the HTTP request headers.
Servers use the information in the user agent string to provide content tailored to
BlackBerry Access
.
  • BlackBerry Access for iOS
Allow phone number to dial using entitled and installed Dynamics VOIP apps (iOS Only)
This setting specifies whether users can make phone calls using a third-party phone call service such as CellTrust.
  • BlackBerry Access for iOS
Enable pop-up windows
This setting specifies whether
BlackBerry Access
allows pop-up windows.
Disabling pop-up windows may cause issues with applications such as
Microsoft Exchange
, that open pop-up windows for tasks like composing new email messages. If you disable this setting, when an app tries to open a pop-up window,
BlackBerry Access
displays a message that pop-up windows are blocked.
  • BlackBerry Access for Android
  • BlackBerry Access for iOS
  • BlackBerry Access for Windows
  • BlackBerry Access for macOS
Allow other applications to open urls in full screen mode. (iOS only)
This setting specifies whether apps can open in full screen mode by default.
  • BlackBerry Access for iOS
Allow import of bookmarks from
Safari
or
Firefox
This setting specifies whether users can import bookmarks that they export from other browsers into
BlackBerry Access
.
  • BlackBerry Access for Windows
  • BlackBerry Access for macOS
  • BlackBerry Access for Android
Push Bookmarks
This setting specifies bookmarks that will be preloaded in
BlackBerry Access
to make it easier for users to access work intranet webpages.
You can copy and paste the text of your bookmarks file directly into this text box. The bookmarks must follow the
Netscape
bookmark file format. For more information, see https://gist.github.com/jgarber623/cdc8e2fa1cbcb6889872.
  • BlackBerry Access for Android
  • BlackBerry Access for iOS
  • BlackBerry Access for Windows
  • BlackBerry Access for macOS
Enable web clip feature
This setting specifies whether users can use web clips. Web clips are small icons on mobile devices that link to webpages.
  • BlackBerry Access for iOS
Allow users to perform app diagnostics
This setting specifies whether users can perform app diagnostics for
BlackBerry Access
. If this setting is selected, the “Run Diagnostics” option appears in the
BlackBerry Access
settings menu on users’ devices.
  • BlackBerry Access for Android
  • BlackBerry Access for iOS
Enable APK installation (Android only)
This setting specifies whether users can download and install .apk files.
  • BlackBerry Access for Android
Allow external apps to open HTTP/HTTPS URLs through
BlackBerry Access
This setting specifies whether third-party apps on the device can open webpages in
BlackBerry Access
.
For
BlackBerry Access for iOS
, links in third-party, non-
BlackBerry Dynamics
apps can open in
BlackBerry Access
only if they launch with the following URL scheme:
access://open?url=
(for example,
access://open?url=http://www.blackberry.com
)
  • BlackBerry Access for Android
  • BlackBerry Access for iOS
Do not allow download from any HTTP or HTTPS site you have not approved by whitelisting it in
BlackBerry Control
This setting specifies whether
BlackBerry Access
users can download content from HTTP or HTTPS webpages even if they haven't been added to an allowed list.
  • BlackBerry Access for Android
  • BlackBerry Access for iOS
Do not allow download from any HTTPS site you have not approved by whitelisting it in
BlackBerry Control
This setting specifies whether
BlackBerry Access
users can download content from HTTPS webpages even if they haven't been added to an allowed list.
  • BlackBerry Access for Android
  • BlackBerry Access for iOS
Enable export of downloaded files to OS file system (Windows and Mac)
This setting specifies whether
BlackBerry Work
users can download files directly to their device's default download folder, instead of the
BlackBerry Dynamics
secure container.
Note that allowing users to bypass the secure container is a potential security risk.
  • BlackBerry Work for Windows
  • BlackBerry Work for macOS
Enable import of files from OS file system (
Windows
and
Mac
)
This setting specifies whether
BlackBerry Work
users can attach files that aren't in the
BlackBerry Dynamics
secure container.
  • BlackBerry Work for Windows
  • BlackBerry Work for macOS
Enable Direct Downloads (
Windows
and
Mac
)
This setting specifies whether
BlackBerry Work
users can download attachments in email messages directly to the device's file system, instead of into the Download Manager in the
BlackBerry Dynamics Launcher
.
  • BlackBerry Work for Windows
  • BlackBerry Work for macOS
Disable
BlackBerry Work
(
Windows
and
Mac
)
This setting specifies whether users can use
BlackBerry Work
.
  • BlackBerry Work for Windows
  • BlackBerry Work for macOS
Open HTML files from other
BlackBerry Dynamics
applications
This setting specifies whether
BlackBerry Access
can open HTML files from other
BlackBerry Dynamics
apps.
  • BlackBerry Access for Android
  • BlackBerry Access for iOS
Enable Geolocation
This setting specifies whether
BlackBerry Access
users can allow webpages to access their device's location.
  • BlackBerry Access for Android
  • BlackBerry Access for iOS
Enable 3rd Party Applications
This setting specifies whether
BlackBerry Access
can open custom URL schemes supported by third-party apps. By default,
BlackBerry Access
opens only HTTP and HTTPS URL schemes.
If you select this setting, you must also set the "Enter comma separated URL schemes" setting.
Each URL string must be mapped as yourstring://your.URL.string. For example, for Webex, you could use wbx://yourcompany.webex.com. In Access, the user would click on the anchor tag <a href="wbx://blackberry.webex.com">wbx://blackberry.webex.com</a> to open the local Webex app and pass the string yourcompany.webex.com to the app.
  • BlackBerry Access for Android
  • BlackBerry Access for iOS
  • BlackBerry Access for Windows
  • BlackBerry Access for macOS
Enter comma separated URL schemes
This setting specifies the custom URL schemes that
BlackBerry Access
can open.
The list must be separated by commas. For example, itms-services,market,wbx,lync, where "itms-services" is
App Store
, "market" is
Google Play
, "watchdox" is
BlackBerry Workspaces
, "wbx" is
WebEx
, and "lync" is
Microsoft Lync Server
.
This setting is valid only if the "Enable 3rd Party Applications" setting is selected.
  • BlackBerry Access for Android
  • BlackBerry Access for iOS
  • BlackBerry Access for Windows
  • BlackBerry Access for macOS
Enter JSON for search engine titles and URLs
This setting specifies search engine links that are added to the end of users' search results for bookmarks, history, or downloads. They provide users with easier access to search engines when they perform searches.
In the text box, specify the search engine labels to show in
BlackBerry Access
such as
Google
and the corresponding search engine URLs. The text must be in .json format and each entry must end with [[GASEARCHKEY]]. For example:
[
{ "Google" : "https://www.google.com/search?q=[[GASEARCHKEY]]"}, { "Yahoo" : "https://search.yahoo.com/search?p=[[GASEARCHKEY]]"}, { "Bing" : "http://www.bing.com/search?q=[[GASEARCHKEY]]"}
]
  • BlackBerry Access for Android
  • BlackBerry Access for iOS
  • BlackBerry Access for Windows
  • BlackBerry Access for macOS
Enable QR Code scanning
This setting specifies whether users can scan a QR code.
  • BlackBerry Access for Android
  • BlackBerry Access for iOS
Allow universal links to external apps from
BlackBerry Access
(
iOS
only)
This setting allows BlackBerry Access to open universal links to external apps,
  • BlackBerry Access for iOS
To force policy update to device, enter current date and time and click update
This setting allows you to send the updated app settings to devices. It also refreshes PAC files.
Enter the current date and time, in either 24-hour format or 12-hour format (for example, 02-16-2017 12:04AM in 12-hour format and 02-16-2017 0004 in 24-hour format) and click Update.
  • BlackBerry Access for Android
  • BlackBerry Access for iOS
  • BlackBerry Access for Windows
  • BlackBerry Access for macOS

Security

Setting
Description
Applies to
Allow SHA1 leaf or intermediate certificates
This setting specifies whether
BlackBerry Access
users can access https websites that use SHA1 signature TLS certificates and expired certificates. By default, this setting is selected.
  • BlackBerry Access for Android
  • BlackBerry Access for iOS
Allow legacy/weak algorithms (DES)
This setting specifies whether
BlackBerry Access
can use 3DES algorithms.
  • BlackBerry Access for Android
  • BlackBerry Access for iOS
Allow user to securely save authentication credentials
This setting specifies whether
BlackBerry Access
users can save their authentication credentials that they use to access webpages.
BlackBerry Access
supports saving only NTLM or Kerberos authentication credentials. Passwords entered into web forms are not saved even if this setting is enabled.
  • BlackBerry Access for Android
  • BlackBerry Access for iOS
  • BlackBerry Access for Windows
  • BlackBerry Access for macOS
Expire stored credentials after
This setting specifies when the stored user credentials expire. You can choose between "'Never Expire" or "24 Hrs."
This setting is valid only if the "Allow user to securely save authentication credentials" setting is selected.
  • BlackBerry Access for Android
  • BlackBerry Access for iOS
  • BlackBerry Access for Windows
  • BlackBerry Access for macOS
Allow to save web form credentials and credentials autofill
This setting specifies if a user can automatically fill fields with saved passwords and credentials.
  • BlackBerry Access for Android
  • BlackBerry Access for iOS
Alert user for invalid or expired certificate
This setting specifies whether users will be notified when certificates are invalid or expired.
  • BlackBerry Access for Android
  • BlackBerry Access for iOS
  • BlackBerry Access for Windows
  • BlackBerry Access for macOS
Enforce strict tunnel
This setting specifies whether
BlackBerry Access
can use only IP addresses and URLs listed in Connectivity profiles. If an IP address or a URL is explicitly defined to route DIRECT, the site is allowed and routes DIRECT.
External sites that are not explicitly defined in the Connectivity profile are blocked. However, if the default route is configured to use a
BlackBerry Proxy
cluster, all undefined IP addresses and URLs are allowed. If external sites are not allowed, they are blocked.
If the default route is set to DIRECT, all sites that are not explicitly allowed are blocked.
  • BlackBerry Access for Android
  • BlackBerry Access for iOS
  • BlackBerry Access for Windows
  • BlackBerry Access for macOS
Allow URL not in Allowed Domains of Connectivity Profiles to be loaded in native browser
This setting specifies whether, when
BlackBerry Access
users try to access webpages from domains that aren't listed in the allowed domains in Connectivity profiles, they are opened in the device's native browser instead of
BlackBerry Access
.
This setting is valid only if the "Enforce strict tunnel" setting is selected.
  • BlackBerry Access for Android
  • BlackBerry Access for iOS
  • BlackBerry Access for Windows
  • BlackBerry Access for macOS
When user selects apply to all during prompt to open in third party browser, do not prompt again for all the hosts under same domain.
This setting specifies whether, when user selects “Always open links from “ <domain>” in Safari“, the user will not be prompted again for any other hosts user accesses within same domain.
This setting is valid only if the "Allow URL not in Allowed Domains of Connectivity Profiles to be loaded in native browser" setting is selected.
BlackBerry Access for iOS
Do not prompt client cert authorization for all sites
When a user uploads only one certificate to
BlackBerry UEM
that matches a recognized CA, selecting this setting allows the webpage requesting authorization to obtain the certificate without prompting the user. If the user has uploaded multiple certificates from the same CA, the user is prompted to select the certificate to use.
  • BlackBerry Access for Android
  • BlackBerry Access for iOS
  • BlackBerry Access for Windows
  • BlackBerry Access for macOS
Do not prompt client cert authorization for white listed sites only
When a user uploads only one certificate to
BlackBerry UEM
that matches a recognized CA, selecting this setting allows all domains listed in the allowed domains portion in Connectivity profiles to obtain the certificate without prompting the user. If the user has uploaded multiple certificates from the same CA, the user is prompted to select the certificate to use.
  • BlackBerry Access for Android
  • BlackBerry Access for iOS
  • BlackBerry Access for Windows
  • BlackBerry Access for macOS
List all certificates available to user to choose for client cert authentication
Specify whether all uploaded encryption certificates are displayed when a user attempts to access websites that require a client cert.
  • BlackBerry Access for Android
  • BlackBerry Access for iOS
Enable DLP Watermark
This setting specifies whether or not to add a faint background watermark across all application screens, with the username and the current date and time.
  • BlackBerry Access for Android
  • BlackBerry Access for iOS
Allow SameSite cookies feature and associated restrictions.
This setting specifies whether to allow SameSite cookies.
Some legacy websites may not function properly when this setting is enabled.
  • BlackBerry Access for iOS
Force authenticate using NTLM over Kerberos when NTLM authentication is possible to access resources.
This setting specifies whether to force authentication using NTML over
Kerberos
.
This policy is not applied when the FIPS policy is enabled.
If the NTLM override policy is enabled, BlackBerry Access will force NTLM authentication, if the website is configured to use Kerberos/KCD and NTLM.
Use this setting only if
Kerberos
authentication is not available. This setting disables
Kerberos
to improve performance by preventing extra network roundtrips and timeouts to an unreachable KDC.
  • BlackBerry Access for Android
  • BlackBerry Access for iOS
Allow MDM web content restrictions (iOS Only)
This setting allows you to turn off MDM content filter rules that are configured for Safari in
BlackBerry Access
.
BlackBerry Access for iOS
Enable biometric authentication while reusing saved credentials (iOS only)
Enable biometric authentication while reusing saved credentials (iOS only)
BlackBerry Access for iOS
Allow JavaScript to clear credentials
Web developers can use a JavaScript API to clear credential storage when a user logs out of their account on a web page.
If you are using the API, when you select this option, you then specify which domains or hosts the policy should apply to. You can add up to 10 domains.
When you enable this feature, users will be prompted for credentials on their next login.
  • BlackBerry Access for Android
  • BlackBerry Access for iOS

Network

Setting
Description
Applies to
Enter comma separated
Kerberos
realm mappings e.g.: foo=FOO.COMPANY.COM
This setting specifies
Kerberos
realm mappings.
Kerberos
authentication realms define areas that are under control of
Kerberos
. These mappings allow you to equate realm names with other names that are accessible or for some other reason.
The limit is 4000 characters.
  • BlackBerry Access for Android
  • BlackBerry Access for iOS
  • BlackBerry Access for Windows
  • BlackBerry Access for macOS
Enable
Kerberos
Forwardable Ticket
This setting specifies whether
Kerberos
Forwardable tickets can be used.
Forwardable tickets in
Kerberos
are client-side authentication credentials that are tied to a particular IP address that can be treated as new tickets with other IP addresses.
  • BlackBerry Access for Android
  • BlackBerry Access for iOS
Resolve short names to full qualified domain name (FQDN) for
Kerberos
authentication
This setting specifies whether users can reach servers by typing the unqualified domain name instead of the FQDN for
Kerberos
authentication.
Enabling this setting may impact performance.
  • BlackBerry Access for Android
  • BlackBerry Access for iOS
  • BlackBerry Access for Windows
  • BlackBerry Access for macOS
Disable file upload and download on mobile connections (Windows Only)
This setting specifies whether files can be downloaded or uploaded when users are connected to a mobile network instead of a
Wi-Fi
network.
  • BlackBerry Access for Windows
Enable HTTP 2.0 Support
This setting specifies whether HTTP 2.0 is supported in
BlackBerry Access
.
  • BlackBerry Access for Android
  • BlackBerry Access for iOS
Enable Web Proxy
This setting specifies whether
BlackBerry Access
can communicate through a web proxy server.
  • BlackBerry Access for Android
  • BlackBerry Access for iOS
  • BlackBerry Access for Windows
  • BlackBerry Access for macOS
Use Proxy Auto Configuration
PAC files make it easier for users to work with proxy servers by hiding the complexities of authentication from the end user.
If your organization uses a PAC file to define proxy rules, you can select this setting to use the proxy server settings from the PAC file that you specify.
Enabling this setting will override static web proxy settings.
This setting requires
BlackBerry Dynamics
servers version 1.6 and later.
This setting is valid only if the "Enable Web Proxy" setting is selected.
  • BlackBerry Access for Android
  • BlackBerry Access for iOS
  • BlackBerry Access for Windows
  • BlackBerry Access for macOS
Enter URL for PAC file location
This setting specifies the URL for the web server that hosts the PAC file, including the PAC file name. For example, http://www.example.com/PACfile.pac.
The PAC file must not be hosted on the same server as
Good Control
or on the same server as
BlackBerry UEM
or any of its components. This configuration is not supported.
The limit is 4000 characters.
This setting is valid only if the "Enable Web Proxy" and "Use Proxy Auto Configuration" settings are selected.
  • BlackBerry Access for Android
  • BlackBerry Access for iOS
  • BlackBerry Access for Windows
  • BlackBerry Access for macOS
Use Static Web Proxy (Full Tunnel)
This setting specifies whether communications are enabled through a single web proxy service only.
This setting is valid only if the "Enable Web Proxy" setting is selected.
Enabling this setting overrides 'Enforce strict tunnel' settings.
  • BlackBerry Access for Android
  • BlackBerry Access for iOS
  • BlackBerry Access for Windows
  • BlackBerry Access for macOS
Proxy Host
This setting specifies the the FQDN or IP address of the proxy server.
This setting is valid only if the "Use Static Web Proxy (Full Tunnel)" setting is selected.
  • BlackBerry Access for Android
  • BlackBerry Access for iOS
  • BlackBerry Access for Windows
  • BlackBerry Access for macOS
Proxy Port
This setting specifies the port number of the proxy server.
This setting is valid only if the "Use Static Web Proxy (Full Tunnel)" setting is selected.
  • BlackBerry Access for Android
  • BlackBerry Access for iOS
  • BlackBerry Access for Windows
  • BlackBerry Access for macOS
Use HTTPS web proxy tunnel for above host
The HTTPS proxy can be specified either as a static proxy or through PAC:
  • You can specify the HTTPS using a BlackBerry UEM policy.
  • Example PAC script for an HTTPS proxy: function FindProxyForURL(url, host) { return "HTTPS secure-proxy.example.com:443"; }
  • BlackBerry Access for Android
  • BlackBerry Access for iOS
  • BlackBerry Access for Windows
  • BlackBerry Access for macOS
Enable PAC proxy check for all the sub-resources
You can use this setting to enforce PAC processing without caching.
Selecting this setting has an impact on the performance of your organization’s environment. It is recommended to use this feature for special circumstances only.
  • BlackBerry Access for Android
  • BlackBerry Access for iOS
  • BlackBerry Access for Windows
  • BlackBerry Access for macOS

RSA

Setting
Description
Applies to
Enable
RSA SecurID
This setting specifies whether users can use
RSA SecurID
token authentication to authenticate with
BlackBerry Access
, instead of a password.
  • BlackBerry Access for Android
  • BlackBerry Access for iOS
Prompt PIN for PINPAD Token
This setting specifies whether users are always prompted for an
RSA SecurID
PIN.
This setting is valid only if the "Enable RSA SecurID" setting is selected.
  • BlackBerry Access for Android
  • BlackBerry Access for iOS
Token File Password Retry Count
This setting specifies the number of times that a user can enter an incorrect
RSA SecurID
PIN before they are locked out.
This setting is valid only if the "Enable RSA SecurID" setting is selected.
  • BlackBerry Access for Android
  • BlackBerry Access for iOS
Token Request SendTo Email Address
This setting specifies the email address of your
RSA
authentication manager. All
RSA SecurID
token seed record requests are sent to this address.
This setting is valid only if the "Enable RSA SecurID" setting is selected.
  • BlackBerry Access for Android
  • BlackBerry Access for iOS
Token Request CC Email Address
This setting specifies the email address that should be CC'd for all
RSA SecurID
token seed record requests.
This setting is valid only if the "Enable
RSA SecurID
" setting is selected.
  • BlackBerry Access for Android
  • BlackBerry Access for iOS
Token Request Email Subject
This setting specifies the email subject for token request emails.
This setting is valid only if the "Enable
RSA SecurID
" setting is selected.
  • BlackBerry Access for Android
  • BlackBerry Access for iOS

Features

Setting
Description
Applies to
Allow user to upload
This setting specifies whether users can upload files to web pages in
BlackBerry Access
. Files can have a maximum size of 20 MB.
  • BlackBerry Access for Android
  • BlackBerry Access for iOS
Allow user to take new photos/videos and upload
This setting specifies whether users can take photos and videos and upload the photos and videos to a web page. Users must allow
BlackBerry Access
to access their cameras. Files can have a maximum size of 20 MB.
  • BlackBerry Access for Android
  • BlackBerry Access for iOS
Allow user to select existing photos/videos to upload
This setting specifies whether users can upload existing photos and videos from their photo libraries to a web page. Files can have a maximum size of 20 MB.
  • BlackBerry Access for Android
  • BlackBerry Access for iOS
Allow user to select files from file providers to upload
This setting specifies whether users can upload files from other file apps. Files can have a maximum size of 20 MB.
  • BlackBerry Access for Android
  • BlackBerry Access for iOS
Allow user to upload files from the Dynamics container
This setting specifies whether users can upload files that have been downloaded to the downloads folder in
BlackBerry Access
.
  • BlackBerry Access for Android
  • BlackBerry Access for iOS
Allow WebRTC (iOS only)
This setting turns on the use of WebRTC, which provides microphone and camera support required by services such as Zoom and Webex.
Note
: WebRTC traffic is not routed through the BlackBerry Dynamics secure tunnel regardless of the network connectivity profile settings. WebRTC traffic goes direct to the internet. Also, Connectivity profile settings do not apply to WebRTC traffic.
BlackBerry Access for iOS
Enable exporting to 3rd-party native apps
Select the "Enable exporting to 3rd-party native apps" option to specify whether to allow the transfer of files to third-party native apps on the user's device. You can allow and disallow specific apps by app ID. By default, this setting is not selected.
Consider the following scenarios when you enable this feature to allow or block exporting to 3rd-party native apps:
  • If you select "Allow exporting to only these apps", but do not specify one or more app IDs, the "Share" option is not available and users are restricted from sharing files to apps of their choice.
  • If you select "Allow exporting to only these apps" and specify one or more app IDs, users can share files to the specified apps. When users try to share a file to an app that is not listed, they receive an error message.
  • If you select "Block exporting to only these apps", but do not specify one or more app IDs, users can share files to apps of their choice.
  • If you select "Block exporting to only these apps", and specify one or more app IDs, users cannot share files to the specified apps.
This policy is not applied when the CylanceAvert policy "Do not allow copying data from
BlackBerry Dynamics
apps into non BlackBerry Dynamics apps" option is selected in the
BlackBerry Dynamics
profile. For more information about the
BlackBerry Dynamics
profile, see the Managing BlackBerry Dynamics apps content.
  • BlackBerry Access for iOS

BlackBerry Work
(Mac and Win)

Setting
Description
Applies to
Launch mail app on browser start
This setting specifies whether the mail app opens instead of a browser window when
BlackBerry Access
starts.
  • BlackBerry Access for Windows
  • BlackBerry Access for macOS
Enable avatar photos
This setting specifies whether users can set avatar photos. If it is disabled, the user's initials appear instead.
  • BlackBerry Access for Windows
  • BlackBerry Access for macOS
EWS server
Optionally, you can use this setting to specify the URL that the mail app uses for
Microsoft Exchange Web Services
provisioning. Otherwise,
BlackBerry Work
uses autodiscovery methods to locate the EWS server.
Optionally, you can enter a series of name=value pairs separated by commas, where the name designates an email domain and the value designates the URL for the EWS endpoint for that domain. Using this method, administrators can assign multiple users with different EWS endpoints to the same application policy and be able to control where the mail app accesses mail, based on the user’s email domain.
For example:
  • Single value: blackberry.com=http://mail.blackberry.com
  • Multiple values: blackberry.com=http://mail.blackberry.com,yahoo.com=https://mail.yahoo.com
BlackBerry Access
does not validate the entries. All related logs are prefixed by [WEB_MAIL] EWS URL Resolution: at the INFO log level.
  • BlackBerry Access for Windows
  • BlackBerry Access for macOS
Enable KCD or PKNIT Support
This setting specifies whether the mail app can use
Kerberos
constrained delegation.
  • BlackBerry Access for Windows
  • BlackBerry Access for macOS
Use client certificate in place of login/password
This setting specifies whether users can use SSL certificates instead of using a login and password to authenticate with
BlackBerry Work
. Depending on your environment, SSL certificates must be uploaded to
BlackBerry UEM
or
Good Control
. For more information, see Managing certificates.
  • BlackBerry Access for Windows
  • BlackBerry Access for macOS
Disable Notifications
This setting specifies whether
BlackBerry Work
displays notifications for mail and calendar events.
  • BlackBerry Access for Windows
  • BlackBerry Access for macOS
Enable email Classification Markings
This setting specifies whether to enable email classification markings, such as INTERNAL, CONFIDENTIAL, NO FORWARD, and/or NO REPLY. If selected, specify the following sample information in the Classifications and caveats field as required:
<emailClassificationMarks> <options> <classifications>ON</classifications> <caveats>OFF</caveats> <classificationDefault>INTERNAL</classificationDefault> <caveatDefault>NO FORWARD</caveatDefault> </options> <classifications> <classification> <select>INTERNAL</select> <subject>(INTERNAL)</subject> </classification> <classification> <select>CONFIDENTIAL</select> <subject>[CONFIDENTIAL]</subject> </classification> </classifications> <caveats> <caveat> <select>NO FORWARD</select> <subject>(DO NOT FORWARD)</subject> </caveat> <caveat> <select>NO REPLY</select> <subject>(DO NOT REPLY)</subject> </caveat> </caveats> </emailClassificationMarks>
  • BlackBerry Access for Windows
  • BlackBerry Access for macOS
Require all emails to have Email Classification
This setting specifies whether users are required to specify one of the classification options that are set in the 'Enable email Classification Markings' policy xml file.
This setting is valid only if the "Enable email Classification Markings" setting is selected.
  • BlackBerry Access for Windows
  • BlackBerry Access for macOS
Display warning while sending message if recipient's email domain is unauthorized
This setting specifies whether to display a warning if the user is sending an email to a recipient in an email domain that is not authorized. If selected, specify email domains you want to authorize in the Authorize email domains field.
Users will notice that email addresses in untrusted domains appear in purple text.
  • BlackBerry Access for Windows
  • BlackBerry Access for macOS
Default signing algorithm
This setting specifies the algorithm to use for signing sent messages.
  • BlackBerry Access for Windows
  • BlackBerry Access for macOS
Default encryption algorithm
This setting specifies the algorithm to use for encrypting sent messages.
  • BlackBerry Access for Windows
  • BlackBerry Access for macOS
Enable Revocation Checking
This setting allows you to set revocation checking of all certificates used for signing/encryption and signing verification/decryption of S/MIME messages.
  • When you select this box,
    Use AIA extension in certificate if present
    is selected by default.
  • In the
    Default OSCP URL
    field, specify the web address of the OSCP service. The OCSP URI is used by the S/MIME verification APIs as an OCSP revocation check service if an AIA extension is not present in a certificate or if the
    Use AIA extension in certificate if present
    check box is not selected.
  • BlackBerry Access for Windows
  • BlackBerry Access for macOS
Use
Office 365
Modern Authentication
This setting allows you to configure options for
Microsoft Office 365
. Modern authentication enables
BlackBerry Work
to us sign-in features such as Multi-Factor Authentication and SAML-based third-party Identity Providers. If selected, specify the following:
  • In the
    Azure
    App ID field, specify the
    Microsoft Azure
    app ID for
    BlackBerry Work
    .
    For information on how obtain an
    Azure
    app ID, see Obtain an Azure app ID for BlackBerry Work for Windows and macOS.
  • In the
    Office 365
    Sign On URL field, specify the web address that
    BlackBerry Work
    should use when it signs in to
    Office 365
    . If you do not specify a value,
    BlackBerry Work
    uses https://login.microsoftonline.com during setup.
  • In the
    Office 365
    Tenant ID field, specify the tenant ID of the
    Office 365
    server that you want
    BlackBerry Work
    to connect to during setup.
  • In the
    Office 365
    Resource field, specify the resource URL of the
    Office 365
    server that you want
    BlackBerry Work
    to connect to during setup. If you do not specify a value,
    BlackBerry Work
    uses https://outlook.office365.com during setup.
  • BlackBerry Access for Windows
  • BlackBerry Access for macOS

BlackBerry Access
(Mac and Win)

Setting
Description
Applies to
Enable WebRTC
This setting specifies whether to enable access to WebRTC protocol-based destinations such as
Citrix
VDI browser-based access.
For information on how to configure
BlackBerry Access
to support WebRTC, see Configure access to WebRTC-based destinations.
  • BlackBerry Access for Windows
  • BlackBerry Access for macOS
Enable Microphone Access
This setting specifies whether
BlackBerry Access
should display a prompt that allows users to permit websites to use the device's microphone. You can enable it only if WebRTC is enabled.
  • BlackBerry Access for Windows
  • BlackBerry Access for macOS
Enable Camera Access
This setting specifies whether
BlackBerry Access
should display a prompt that allows users to permit websites to use the device's camera. You can enable it only if WebRTC is enabled.
  • BlackBerry Access for Windows
  • BlackBerry Access for macOS
Enable UDP Protocol support
This setting specifies whether to allow UDP connections initiated by websites.
  • BlackBerry Access for Windows
  • BlackBerry Access for macOS
Enable Printing
This setting specifies whether to allow users to print web pages.
  • BlackBerry Access for Windows
  • BlackBerry Access for macOS
Enable embedded PDF viewer
This setting specifies whether to allow users to view embedded PDFs from within
BlackBerry Access
.
  • BlackBerry Access for Windows
  • BlackBerry Access for macOS
Automatically open PDF and
Microsoft Office
documents after download
  • BlackBerry Access for Windows
  • BlackBerry Access for macOS
Enable
Microsoft Office
URI support
Only
Microsoft Office
URIs that specify online documents are supported.
  • BlackBerry Access for Windows
  • BlackBerry Access for macOS
Enable Upgrade Notifications
This setting specifies whether to push notifications to users when a new upgrade is available.
If selected, specify the following:
  • In the Min Windows Version field, specify the minimum
    BlackBerry Access for Windows
    version. If there are versions available that are later than the version specified in this field, users will be sent an upgrade notification.
  • In the Min Mac Version field, specify the minimum
    BlackBerry Access for macOS
    version. If there are versions available that are later than the version specified in this field, users will be sent an upgrade notification.
  • In the Win Download URL field, specify the URL  for the
    BlackBerry Access for Windows
    app.
  • In the Mac Download URL field, specify the URL  for the
    BlackBerry Access for Windows
    app.
  • In the Notification Message, you can create a custom message or leave the default message.
  • BlackBerry Access for Windows
  • BlackBerry Access for macOS
Enable Awingu Extension
This setting specifies whether to enable the Awingu extension which allows users to store their Awingu credentials. Also, when enabled, an icon is added to the toolbar in
BlackBerry Access
and users can launch Awingu by clicking the icon in the toolbar.
If selected, you must specify the following:
  • In the Awingu URL field, specify your organization's Awingu URL. For example, yourcompany.awingu.com
  • In the Awingu DOMAIN field, specify your organization's Awingu domain.
  • BlackBerry Access for Windows
  • BlackBerry Access for macOS
Enable installation of extensions
This setting specifies whether to allow websites to download extensions for third-party apps.
If selected, in the Permitted Extension Ids field, specify one more more extension IDs that can be installed. The source can be from any URL.
WebEx
and
Skype
can be enabled either by adding their extension ids or by adding their protocols to the external protocols list.
In the
Chrome
app store, users can add only apps that have permitted extensions.
If an extension is enabled and installed, and the administrator removes its ID, the extension is removed from
BlackBerry Access
. If the administrator re-adds the extension, the user must restart
BlackBerry Access
to be able to add the app from the
Chrome
app store.
  • BlackBerry Access for Windows
  • BlackBerry Access for macOS
Enable developer mode
This setting allows you to enable developer mode in
BlackBerry Access
.
  • BlackBerry Access for Windows
  • BlackBerry Access for macOS