Skip Navigation
  1. BlackBerry Docs
  2. BlackBerry Enterprise Mobility Server 3.7
  3. Configuring the BlackBerry Docs service
  4. Steps to configure the Docs service
  5. Configure the Docs security settings

Configure the
Docs
 security settings

Docs
 security settings control acceptable
Microsoft SharePoint Online
 domains, the URL of the approved
Microsoft Office Web Apps
 (OWAS) and
Office Online
 Server, the appropriate LDAP domains to use, whether you want to use Kerberos constrained delegation for user authentication, and
Entra
-IP authentication. Delegation allows a service to impersonate a user account to access resources throughout the network. Constrained delegation limits this trust to a select group of services explicitly specified by a domain administrator.
Verify that one or more of the following are configured in your environment:
  1. In the
    BlackBerry Enterprise Mobility Server Dashboard
    , under
    BlackBerry Services Configuration
    , click
    Docs
    .
  2. Click
    Settings
    .
  3. Select the
    Enable Kerberos Constrained Delegation
     checkbox to allow Docs to use Kerberos constrained delegation.
  4. Separated by a comma, enter each of the Microsoft SharePoint Online domains you plan to make available. For more information, see Configuring support for Microsoft SharePoint Online and Microsoft OneDrive for Business.
  5. Enter the URL for your approved Office Web App or Office Online Server.
  6. Provide your Microsoft Active Directory user domains (separated by commas), then enter the corresponding
    LDAP Port
    . LDAP (Lightweight Directory Access Protocol) is used to look up users and their membership in user groups.
  7. Optionally, specify the timeout before the
    BEMS
     connection attempt to the LDAP server times out. In the
    LDAP Connection Timeout
     field, increase or decrease the value, in seconds, as required. The default value is 30 seconds. You can specify between zero and 300 seconds.
  8. Optionally, specify the timeout before the
    BEMS
     search for users and their membership in user groups times out. In the
    LDAP Search Timeout
     field, increase or decrease the value, in seconds, as required. The default value is 30 seconds. You can specify between zero and 300 seconds.
  9. Select the
    Use SSL for LDAP
     checkbox for secure communication with your Microsoft Active Directory servers.
  10. Add the
    Workspaces Public Key
    . Adding the public key allows BEMS and the BlackBerry Workspaces server to communicate with each other. For more information about locating the public key, contact BlackBerry Technical Support Services.
  11. Select the
    Enable Azure Information Protections
     check box to allow Docs to authenticate to
    Entra
    -IP. Complete the
    Azure registration
     fields to authenticate Docs to
    Entra
    -IP to allow the Docs to decrypt protected documents and confirm the rights any given user has on a document. For instructions about obtaining the Azure registration fields, see Obtain an Entra app ID for the BEMS-Docs component service.
  12. Click
    Save
    .
  13. Restart the Good Technology Common Services service for the changes to take effect.