Skip Navigation

Configure the
Docs
network and security settings

Docs
security settings control acceptable
Microsoft SharePoint Online
domains, the URL of the approved
Microsoft Office Web Apps
(OWAS) and
Office Online
Server, the appropriate LDAP domains to use, whether you want to use Kerberos constrained delegation for user authentication, and
Entra
-IP authentication. Delegation allows a service to impersonate a user account to access resources throughout the network. Constrained delegation limits this trust to a select group of services explicitly specified by a domain administrator.
Verify that one or more of the following are configured in your environment:
  1. In the
    BlackBerry Enterprise Mobility Server Dashboard
    , under
    BlackBerry Services Configuration
    , click
    Docs
    .
  2. Click
    Settings
    .
  3. Select the
    Enable Kerberos Constrained Delegation
    checkbox to allow
    Docs
    to use Kerberos constrained delegation.
  4. Separated by a comma, enter each of the Microsoft SharePoint Online domains you plan to make available. For more information, see Configuring support for Microsoft SharePoint Online and Microsoft OneDrive for Business.
  5. Enter the URL for your approved Office Web App or Office Online Server.
  6. Provide your Microsoft Active Directory user domains (separated by commas), then enter the corresponding
    LDAP Port
    . LDAP (Lightweight Directory Access Protocol) is used to look up users and their membership in user groups.
  7. Optionally, specify the timeout before the
    BEMS
    connection attempt to the LDAP server times out. In the
    LDAP Connection Timeout
    field, increase or decrease the value, in seconds, as required. The default value is 30 seconds. You can specify between zero and 300 seconds.
  8. Optionally, specify the timeout before the
    BEMS
    search for users and their membership in user groups times out. In the
    LDAP Search Timeout
    field, increase or decrease the value, in seconds, as required. The default value is 30 seconds. You can specify between zero and 300 seconds.
  9. Select the
    Use SSL for LDAP
    checkbox for secure communication with your Microsoft Active Directory servers.
  10. Add the
    Workspaces Public Key
    . Adding the public key allows BEMS and the BlackBerry Workspaces server to communicate with each other. For more information about locating the public key, contact BlackBerry Technical Support Services.
  11. Select the
    Enable Azure Information Protections
    check box to allow
    Docs
    to authenticate to
    Entra
    -IP. Complete the
    Azure registration
    fields to authenticate
    Docs
    to
    Entra
    -IP to allow
    Docs
    to decrypt protected documents and confirm the rights any given user has on a document. For instructions about obtaining the
    Entra
    registration fields, see Obtain an Entra app ID for the BEMS-Docs component service.
  12. Click
    Save
    .
  13. If your environment has deployed Entra IP Rights Management Services and uses a web proxy, configure
    Windows
    with your proxy information, or
    BlackBerry Work
    users will receive the following error message when they attempt to access protected documents: "User does not have access permission". For more information, see KB 139924.
  14. Restart the Good Technology Common Services service for the changes to take effect.