Skip Navigation

Configure the
BlackBerry Secure Gateway
to use supported TLS versions and ciphers or OAuth

You can enable the
BlackBerry Secure Gateway
to use OAuth for modern authentication. To use OAuth you need the identity provider discovery document endpoint and mail server URL. For more information on the discovery document, see the Microsoft documentation.
You can also specify the TLS version and
Microsoft Exchange
SSL ciphers that the
BlackBerry Secure Gateway
uses for connections to
Exchange ActiveSync
  1. On the menu bar, click
    Settings > External Integration > BlackBerry Secure Gateway
  2. To add or remove a TLS version or SSL cipher, click The Add icon in the appropriate table.
  3. Click the TLS version or cipher that you want to add or remove from the
  4. Click the arrow to move the item to the desired list.
  5. Click
  6. To use modern authentication, select
    Enable OAuth for mail server authentication
  7. In the
    Discovery endpoint
    field, type the URL that the
    BlackBerry Secure Gateway
    uses to retrieve and cache the identity provider discovery document.
    The URL should be in the format https://<
    identity provider
    >/.well-known/openid-configuration (for example,
    ). The
    BlackBerry Secure Gateway
    retrieves both the unversioned and v2.0 discovery documents and periodically refreshes the cached documents.
  8. In the
    Mail server resource
    field, type the URL for the mail server specified in the email profile, starting with "https://" (for example.
  9. Click