Skip Navigation

Turn on Kerberos constrained delegation

When you configure
Kerberos
constrained delegation (KCD) or resource-based KCD for the
Docs
service, consider the following:
  • Only
    Windows
    authentication in
    Microsoft SharePoint
    is supported. Forms-based and claims-based authentication are not supported.
  • IP addresses are not allowed in the
    Microsoft SharePoint
    URLs and File Share paths that you configure in
    BEMS
    .
  1. In the
    BlackBerry Enterprise Mobility Server Dashboard
    , under
    BlackBerry Services Configuration
    , click
    Docs
    .
  2. Click
    Settings
    .
  3. In the
    Kerberos Constrained Delegation
    section, select the
    Enable Kerberos Constrained Delegation
    checkbox.
  4. If your environment requires a separate account to administer KCD, select
    Use Separate Service Credentials for Kerberos Constrained Delegation
    checkbox.
  5. Enter the credentials for the account that will be used to authenticate to
    SharePoint
    for KCD.
  6. Click
    Save
    .
  7. Restart the
    Good Technology Common Services
    service.
  8. On the computer that hosts the
    BEMS-Docs
    service, grant the
    Act as part of the operating system
    privilege to the
    BEMS
    server account (for example, GoodAdmin).
    1. Run the
      Local Security Policy
      administrative tool.
    2. In the left pane, expand
      Local Policies
      .
    3. Click
      User Rights Agreement
      .
    4. Configure the service account for the
      Act as part of the operating system
      permission.
  9. Click
    OK
    .