Skip Navigation
  1. BlackBerry Docs
  2. BlackBerry Enterprise Mobility Server 3.8
  3. Configuring the BlackBerry Docs service
  4. Steps to configure the Docs service in an on-premises environment
  5. Configure the Docs network and security settings

Configure the
Docs
 network and security settings

Docs
 security settings control acceptable
Microsoft SharePoint Online
 domains, the URL of the approved
Microsoft Office Web Apps
 (OWAS) and
Office Online
 Server, the appropriate LDAP domains to use, whether you want to use Kerberos constrained delegation for user authentication, and
Entra
-IP authentication. Delegation allows a service to impersonate a user account to access resources throughout the network. Constrained delegation limits this trust to a select group of services explicitly specified by a domain administrator.
Verify that one or more of the following are configured in your environment:
  1. In the
    BlackBerry Enterprise Mobility Server Dashboard
    , under
    BlackBerry Services Configuration
    , click
    Docs
    .
  2. Click
    Settings
    .
  3. To allow
    Docs
     to use Kerberos constrained delegation, select the
    Enable Kerberos Constrained Delegation
     check box.
  4. If your environment requires a separate account to administer KCD, select the
    Use Separate Credential for Kerberos Constrained Delegation for Microsoft SharePoint
     check box and enter the required credentials.
  5. Separated by a comma, enter each of the Microsoft SharePoint Online domains you plan to make available. For more information, see Configuring support for Microsoft SharePoint Online and Microsoft OneDrive for Business.
  6. Enter the URL for your approved Office Web App or Office Online Server.
  7. Provide your Microsoft Active Directory user domains (separated by commas), then enter the corresponding
    LDAP Port
    . LDAP is used to look up users and their membership in user groups.
  8. Optionally, specify the timeout before the
    BEMS
     connection attempt to the LDAP server times out. In the
    LDAP Connection Timeout
     field, increase or decrease the value, in seconds, as required. This setting is valid only if
    Use SSL for LDAP
     is not enabled.
  9. Optionally, specify the timeout before the
    BEMS
     search for users and their membership in user groups times out. In the
    LDAP Search Timeout
     field, increase or decrease the value, in seconds, as required.
  10. To enable secure communication, select the
    Use SSL for LDAP
     check box.
  11. If your organization uses
    BlackBerry Workspaces
    , add the
    Workspaces Public Key
    . Adding the public key allows
    BEMS
     and the
    BlackBerry Workspaces
     server to communicate with each other. For more information about locating the public key, contact
    BlackBerry Technical Support Services
    .
  12. To allow
    Docs
     to authenticate to
    Entra
    -IP, select the
    Enable Azure Information Protection
     check box. Complete the
    Azure registration
     fields to authenticate
    Docs
     to
    Entra
    -IP to allow
    Docs
     to decrypt protected documents and confirm the rights any given user has on a document.
  13. Click
    Save
    .
If your environment has deployed
Entra
-IP Rights Management Services and uses a web proxy, configure
Windows
 with your proxy information, or
BlackBerry Work
 users will receive a permission error message when they attempt to access protected documents. For more information, see KB 139924.