Configuring Kerberos constrained delegation for the

Docs

service

Configuring the

Docs

service to use Kerberos constrained delegation (KCD) for accessing resources such as

Microsoft SharePoint

and File Shares removes the requirement for end-users to provide their network credentials to access network resources using the

Docs

service.

Before configuring the

Docs

service to use KCD, it is important to understand that configuring KCD for the

Docs

service is independent of configuring

BlackBerry Dynamics

KCD. This means, for example, that if your mobile app (for example,

BlackBerry Work

) requires use of the

Docs

service exclusively, you only need to configure KCD for the

Docs

service. It is recommended to configure the

Docs

service to use resource-based Kerberos constrained delegation to access resources and remove the requirement for users to provide their network credentials to access resources within the domain, and between domains and forests. For more information on resource-based Kerberos constrained delegation, see Configuring resource-based Kerberos constrained delegation for the Docs service.

All KCD transactions are between the

Docs

service account and the key distribution center (KDC) and respective resources. No KCD information is cached on the mobile app. The

Docs

service uses

Microsoft

’s Service for User (S4U) specifications for KCD. For more information, see the

Microsoft

resource Kerberos Protocol Extensions: Service for User and Constrained Delegation Protocol.

When you configure Kerberos constrained delegation (KCD) for

Docs

, you perform the following actions.

If you want to configure KCD for File Share repositories only, you can skip the

Microsoft SharePoint

configuration and skip directly to step 4, Add Kerberos constrained delegation for file shares.