Configure the Docs security settings
Docssecurity settings control acceptable
Microsoft SharePoint Onlinedomains, the URL of the approved
Microsoft Office Web Apps(OWAS) and
Office OnlineServer, the appropriate LDAP domains to use, whether you want to use Kerberos constrained delegation for user authentication, and
Azure-IP authentication. Delegation allows a service to impersonate a user account to access resources throughout the network. Constrained delegation limits this trust to a select group of services explicitly specified by a domain administrator.
Verify that one or more of the following are configured in your environment:
- Kerberos constrained delegation for theBlackBerry Docsservice is configured in your environment. For instructions, see Configuring Kerberos constrained delegation for the Docs service.
- Resource-based Kerberos constrained delegation for theBlackBerry Docsservice is configured in your environment. For instructions, see Configuring resource based Kerberos constrained delegation for the Docs service.
- Your environment is configured to useAzure-IP, have the following information. For instructions, see Obtain an Azure app ID for the BEMS-Docs component service.
- AzureTenant Name
- BEMSServiceAzureApplication ID
- BEMSServiceAzureApplication Key
- Optionally, you can configureBEMSto allow users to authenticate toMicrosoft SharePoint Onlinewith an email address that is different from the email address that was used to install and activateBlackBerry Work. For instructions, see Enable the use of an alternate email address to authenticate to BEMS-Docs.
- In theBlackBerry Enterprise Mobility Server Dashboard, underBlackBerry Services Configuration, clickDocs.
- Select theEnable Kerberos Constrained Delegationcheckbox to allowDocsto use Kerberos constrained delegation.
- Separated by a comma, enter each of theMicrosoft SharePoint Onlinedomains you plan to make available. For more information, see Configuring support for Microsoft SharePoint Online and Microsoft OneDrive for Business.
- Enter the URL for your approved Office Web App orOffice OnlineServer.
- Provide yourMicrosoft Active Directoryuser domains (separated by commas), then enter the correspondingLDAP Port. LDAP (Lightweight Directory Access Protocol) is used to look up users and their membership in user groups.
- Select theUse SSL for LDAPcheckbox for secure communication with yourMicrosoft Active Directoryservers.
- Add theWorkspaces Public Key. Adding the public key allowsBEMSand theBlackBerry Workspacesserver to communicate with each other. For more information about locating the public key, contactBlackBerry Technical Support Services.
- Select theEnable Azure Information Protectionscheck box to allowDocsto authenticate toAzure-IP. Complete theAzure registrationfields to authenticateDocstoAzure-IP to allow theDocsto decrypt protected documents and confirm the rights any given user has on a document. For instructions about obtaining theAzureregistration fields, see Obtain an Azure app ID for the BEMS-Docs component service.
- Restart theGood Technology Common Servicesservice for the changes to take effect.