Skip Navigation
  1. BlackBerry Docs
  2. BlackBerry Enterprise Mobility Server 3.8
  3. Configuring BlackBerry Mail
  4. Grant application impersonation permission to the service account

Grant application impersonation permission to the service account

Complete this task if your environment uses an on-premises
Microsoft Exchange Server
. For the
BlackBerry Push Notifications
 service to monitor mailboxes for updates, the
BlackBerry Push Notifications
 service account must have impersonation permissions.
  1. Complete one of the following actions to apply Application Impersonation permissions to the service account:
    Grant application impersonation permissions
    Steps
    Using the Exchange Administration Center
    1. In a browser window, type
      https://<
      url_to_on-premises_client_access_server
      >/ecp
       and sign in with a valid account.
    2. Click
      permissions
      .
    3. Click The Add icon.
    4. Type a name and description for the role group.
    5. In the
      Roles
       section, click The Add icon. Click
      ApplicationImpersonation > add > OK
      .
    6. In the
      Members
       section, click The Add icon. Click an account to add and then click
      add > OK
      .
    Using
    Microsoft Exchange Management Shell
    1. Open
      Microsoft Exchange Management Shell
      .
    2. Type
      New-ManagementRoleAssignment -Name:<
      ImpersonationAssignmentName
      > -Role:ApplicationImpersonation -User:<
      ServiceAccount
      >
      . For example,
      New-ManagementRoleAssignment -Name:BlackBerryAppImpersonation -Role:ApplicationImpersonation -User:BEMSAdmin
      .
    For more information on how to restrict Application Impersonation rights to specific users, organizational units, or security groups, see the
    Microsoft
     resource How to: Configure impersonation.