Turn on Kerberos constrained delegation
When you configure
Kerberos
constrained delegation (KCD) or resource-based KCD for the Docs
service, consider the following:
- OnlyWindowsauthentication inMicrosoft SharePointis supported. Forms-based and claims-based authentication are not supported.
- IP addresses are not allowed in theMicrosoft SharePointURLs and File Share paths that you configure inBEMS.
- In theBlackBerry Enterprise Mobility Server Dashboard, underBlackBerry Services Configuration, clickDocs.
- ClickSettings.
- In theKerberos Constrained Delegationsection, select theEnable Kerberos Constrained Delegationcheckbox.
- If your environment requires a separate account to administer KCD, selectUse Separate Service Credentials for Kerberos Constrained Delegationcheckbox.
- Enter the credentials for the account that will be used to authenticate toSharePointfor KCD.
- ClickSave.
- Restart theGood Technology Common Servicesservice.
- On the computer that hosts theBEMS-Docsservice, grant theAct as part of the operating systemprivilege to theBEMSserver account (for example, GoodAdmin).
- Run theLocal Security Policyadministrative tool.
- In the left pane, expandLocal Policies.
- ClickUser Rights Agreement.
- Configure the service account for theAct as part of the operating systempermission.
- ClickOK.