Skip Navigation

Configure the 
 security settings

 security settings control acceptable 
Microsoft SharePoint Online
 domains, the URL of the approved 
Microsoft Office Web Apps
 (OWAS), the appropriate LDAP domains to use, whether you want to use Kerberos constrained delegation for user authentication, and 
-IP authentication. Delegation allows a service to impersonate a user account to access resources throughout the network. Constrained delegation limits this trust to a select group of services explicitly specified by a domain administrator. 
Verify that one or more of the following are configured in your environment:
  1. In the 
    BlackBerry Enterprise Mobility Server Dashboard
    , under 
    BlackBerry Services Configuration
    , click 
  2. Click 
  3. Select the 
    Enable Kerberos Constrained Delegation
     checkbox to allow 
     to use Kerberos constrained delegation.
  4. Separated by a comma, enter each of the 
    Microsoft SharePoint Online
     domains you plan to make available. For more information, see Configuring support for Microsoft SharePoint Online and Microsoft OneDrive for Business.
  5. Enter the URL for your approved 
    Office Web App Server
  6. Provide your 
    Microsoft Active Directory
     user domains (separated by commas), then enter the corresponding 
    LDAP Port
    . LDAP (Lightweight Directory Access Protocol) is used to look up users and their membership in user groups.
  7. Select the 
    Use SSL for LDAP
     checkbox for secure communication with your 
    Microsoft Active Directory
  8. Add the 
    Workspaces Public Key
    . Adding the public key allows 
     and the 
    BlackBerry Workspaces
     server to communicate with each other. For more information about locating the public key, contact 
    BlackBerry Technical Support Services
  9. Select the 
    Enable Azure Information Protections
     check box to allow 
     to authenticate to 
    -IP. Complete the 
    Azure registration
     fields to authenticate 
    -IP to allow the 
     to decrypt protected documents and confirm the rights any given user has on a document. For instructions about obtaining the 
     registration fields, see Obtain an Azure app ID for the BEMS-Connect, BEMS-Presence, and BEMS-Docs component service.
  10. Click 
  11. Restart the 
    Good Technology Common Services
     for the changes to take effect.