- BlackBerry Docs service
- Steps to configure the Docs service
- Configure the database connection for the BlackBerry Docs service
- Configure a web proxy server for the Docs service
- Configure the Docs network and security settings
- Configuring Microsoft Office Web Apps and Office Online Server for Docs service support
- Configuring Kerberos constrained delegation for Docs
- Configuring Kerberos constrained delegation for the Docs service
- Find the SharePoint application pool identity and port
- Create Service Principal Names
- Add Kerberos constrained delegation in Microsoft Active Directory for Microsoft SharePoint
- Add Kerberos constrained delegation for file shares
- Turn on Kerberos constrained delegation
- Configuring resource based Kerberos constrained delegation for the Docs service
- Obtain an Entra app ID for the BEMS-Docs component service
- Storage services
- Managing Repositories
- Repositories
- Enable modern authentication for Microsoft SharePoint Online
- Configuring repositories
- Admin-defined shares
- Granting user access permissions
- Change access permissions
- Define a repository
- Edit a repository
- Define a repository list
- Add users and user groups to repositories and list definitions
- Allow user-defined repositories
- Enable user-defined repository permissions
- Access permissions
- Change user access permissions
- View user repository rights
- Enable users to access Box repository using a custom Box email address
- Configuring Docs for Rights Management Services
- Using the Docs Self-Service web console
- Configuring support for Microsoft SharePoint Online and Microsoft OneDrive for Business
- Auditing the Docs service
- In a BlackBerry UEM environment, add an app server hosting the BEMS-Docs service to a BlackBerry Dynamics connectivity profile
- Configuring Good Control for Docs service
- Configuring the Docs instance for high availability
- Disaster recovery
- Next steps
- Appendix: File types supported by the BlackBerry Docs service
- Windows Folder Redirection (Native)
- Local Folder Synchronization – Offline Folders (Native)
- Appendix: Supported Microsoft Office Web Apps and Office Online Server file types
Add Kerberos constrained delegation for file shares
The main difference between sharing files in File Share repositories, compared to sharing apps (for example,
Microsoft
SharePoint
), is that here the delegation is to the computer hosting the BEMS
instance account and not to the Docs
service process user, BEMSAdmin.- OpenMicrosoft Active Directory Users and Computers.
- In your domain, clickComputers.
- Right-click theBEMScomputer entry. ClickProperties.
- Click theDelegationtab.
- In theMicrosoft Active Directoryaccount properties, on theDelegationtab, select the following options:
- Trust this user for delegation to specified services only
- Use any authentication protocol
- ClickAdd, selectUsers or Computers, type in the name of the server whose file share needs access and clickOK.
- In the list of services, clickcifs. ClickOK.
- Repeat Step 3 to 6 for each server that has file shares needing access.
- Restart theBEMSserver. Since Kerberos tokens are cached, restarting theBEMSserver is the only way to make sure all delegation changes are received on the machines.