Skip Navigation
  1. BlackBerry Docs
  2. BlackBerry Enterprise Mobility Server 3.5
  3. Configuring the BlackBerry Docs service
  4. Steps to configure the Docs service
  5. Configure the Docs security settings
  6. Configuring Kerberos constrained delegation for Docs

Configuring Kerberos constrained delegation for
Docs

Configuring the
Docs
 service to use Kerberos constrained delegation (KCD) for accessing resources such as
Microsoft SharePoint
 and File Shares removes the requirement for end-users to provide their network credentials to access to network resources using the
Docs
 service.
Before configuring the
Docs
 service to use KCD, it is important to understand that configuring KCD for
Docs
 service is independent of configuring
BlackBerry Dynamics
 KCD. This means, for example, that if your mobile app (for example,
BlackBerry Work
) requires use of the
Docs
 service exclusively, you only need to configure KCD for the
Docs
 service. It is recommended to configure the
Docs
 service to use resource based Kerberos constrained delegation to access resources and remove the requirement for users to provide their network credentials to access resources within the domain, and between domains and forests. For more information on resource based Kerberos constrained delegation, see Configuring resource based Kerberos constrained delegation for the Docs service.
For example, the following diagram charts a sample KCD call flow for
BlackBerry Work
.
KCD call flow
All KCD transactions are between the
Docs
 service account and the key distribution center (KDC) and respective resources. No KCD information is cached on the mobile app. The
Docs
 service uses
Microsoft
’s Service for User (S4U) specifications for KCD. For more information on S4U, visit the MSDN Library to see: https://msdn.microsoft.com/en-us/library/cc246071.aspx.