Configure the
BlackBerry Secure Gateway
to use supported TLS versions and ciphers or OAuth

You can enable the

BlackBerry Secure Gateway

to use OAuth for modern authentication. To use OAuth you need the identity provider discovery document endpoint and mail server URL. For more information on the discovery document, see the Microsoft documentation.

You can also specify the TLS version and

Microsoft Exchange

SSL ciphers that the

BlackBerry Secure Gateway

uses for connections to

Exchange ActiveSync

On the menu bar, click

Settings > External Integration > BlackBerry Secure Gateway

To add or remove a TLS version or SSL cipher, click

in the appropriate table.

Click the TLS version or cipher that you want to add or remove from the

Selected

list.

Click the arrow to move the item to the desired list.

Click

Assign

To use modern authentication, select

Enable OAuth for mail server authentication

In the

Discovery endpoint

field, type the URL that the

BlackBerry Secure Gateway

uses to retrieve and cache the identity provider discovery document.

The URL should be in the format https://<identity provider>/.well-known/openid-configuration (for example,

https://login.microsoftonline.com/common/.well-known/openid-configuration

https://login.windows.net/common/.well-known/openid-configuration

). The

BlackBerry Secure Gateway

retrieves both the unversioned and v2.0 discovery documents and periodically refreshes the cached documents.

In the

Mail server resource

field, type the URL for the mail server specified in the email profile, starting with "https://" (for example.

https://outlook.office365.com

Click

Save

Section:

Protecting email data sent to iOS devices using the BlackBerry Secure Gateway

Configure the BlackBerry Secure Gateway to use supported TLS versions and ciphers or OAuth

Configure the
BlackBerry Secure Gateway
to use supported TLS versions and ciphers or OAuth