Skip Navigation

Grant application impersonation permission to the service account

For the
BlackBerry Push Notifications
service to monitor mailboxes for updates, the
BlackBerry Push Notifications
service account must have impersonation permissions.
  1. Complete one of the following actions to apply Application Impersonation permissions to the service account:
    Grant application impersonation permissions
    Steps
    Microsoft 365
    using the Exchange Administration Center console
    1. Click
      Roles > Admin roles
      .
    2. Click
      Add role group
      .
    3. Type a name for the role.
    4. In the
      Write scope
      drop-down list, click
      Default
      .
    5. Click
      Next
      .
    6. In the Search field, search for the
      ApplicationImpersonation
      role. Click the checkbox next to the role.
    7. Click
      Next
      .
    8. In the text field, type the member name or the service account that will process the notifications.
    9. Click
      Next
      .
    10. Click
      Add role group
      .
    11. Click
      Done
      .
    On-premises
    Microsoft Exchange
    using the Exchange Administration Center
    1. In a browser window, type
      https://<
      url_to_on-premises_client_access_server
      >/ecp
      and sign in with a valid account.
    2. Click
      permissions
      .
    3. Click The Add icon.
    4. Type a name and description for the role group.
    5. In the
      Roles
      section, click The Add icon. Click
      ApplicationImpersonation > add > OK
      .
    6. In the
      Members
      section, click The Add icon. Click an account to add and then click
      add > OK
      .
    Using
    Microsoft Exchange Management Shell
    1. Open
      Microsoft Exchange Management Shell
      .
    2. Type
      New-ManagementRoleAssignment -Name:<
      ImpersonationAssignmentName
      > -Role:ApplicationImpersonation -User:<
      ServiceAccount
      >
      . For example,
      New-ManagementRoleAssignment -Name:BlackBerryAppImpersonation -Role:ApplicationImpersonation -User:BEMSAdmin
      .
    For more information on how to restrict Application Impersonation rights to specific users, organizational units, or security groups, visit the MSDN Library to see How to: Configure impersonation.