Skip Navigation

Configure an
Active Directory
connection

If the
BlackBerry Workspaces
server will be working with a
Microsoft Active Directory
server on your organization’s network, you must set parameters for the connection between these servers.
For appliance customers, using a valid signed certificate for
Active Directory
FQDN is recommended. If you are using a self-signed certificate, contact support for help to manually importing the root and intermediate certificates to the server.
For cloud customers that connect to a local
Active Directory
server, a valid signed certificate must be used.
  1. In the left pane, click
    Roles by Active Directory
    .
  2. Do one of the following:
    • If this is the first time you are configuring an
      Active Directory
      connection in your organization, proceed to step 3.
    • If you already have a configured connection, click The Settings icon > The Add icon.
  3. Select
    Enable provisioning of Active Directory Users and Groups
    , and set the following:
    • Expose Active Directory Users with the following email domains
      : set names of domains of users who will be able to query the
      Active Directory
      .
    • Active Directory Server Addresses
      : set up to three IP address(es) of the DNS server of the
      Active Directory
      domain.
    • Port
      : set the port of the
      Active Directory
      server. Default value is 389, the LDAP port.
    • Base DN
      : set the base Distinguished Name in the
      Active Directory
      tree that will be exposed to the
      Workspaces
      server (for example, if only part of the
      Active Directory
      tree will be accessible to the
      Workspaces
      server).
    • Username to connect to Active Directory
      : set the username in the
      Active Directory
      by which the
      Workspaces
      server can connect.
    • Password to connect to Active Directory
      : set the password for the above user.
    • This is a global catalog server
      : set the server as a global catalog server. When enabling this option, make sure that the server port is set to match that of the global catalog port (
      3268
      by default).
  4. Click
    Apply
    to test the parameters against the server to verify them.
  5. Repeat the above steps for all connections. There can be multiple connections to the same
    Active Directory
    server, but each connection must connect to different parts of the tree. There can also be connections to multiple
    Active Directory
    servers.
  6. To verify a connection, click
    Verify
    .
  7. To remove a connection, click
    Delete
    .