- Introducing BlackBerry Workspaces administration console
- Getting started
- Managing resources using Central Management
- Provisioning users and devices
- Configuring integrations
- Setting security policies
- Generating logs and reports
- Configuring BlackBerry Workspaces
- Managing authentication
- Automatically authenticate a user
- Block unprovisioned users from creating accounts
- Configure browser inactivity timeout
- Configure the organization authentication method
- About email authentication
- About username and password authentication
- 1.1About Microsoft Active Directory authentication
- About BlackBerry Enterprise Identity authentication
- About OAuth integration with third-party providers
- About multimode authentication
- About BlackBerry Dynamics authentication
- Simplified login process for internal users
- Configure service accounts
Working with Microsoft Active
Directory
Microsoft Active
Directory
Active
Directory and BlackBerry Workspaces
Active
Directory
and BlackBerry Workspaces
BlackBerry Workspaces
workspace owners and administrators can define groups based on Active
Directory
Security groups. BlackBerry Workspaces
maintains an association between the BlackBerry Workspaces
group and the Active
Directory
group.Workspace owners can share workspaces with
BlackBerry Workspaces
groups, in the same
way they share workspaces with Workspaces
groups. Permissions can be assigned to these groups in the same way they
are assigned to Workspaces
groups.When an
Active
Directory
user attempts to access the Workspaces
server, to access a workspace for example, Workspaces
queries the Active
Directory
server for all the Active
Directory
groups the user is a member of, then checks whether any of these (Active
Directory
) groups are associated with Workspaces
groups that permit the access that the user is attempting. If one is
found, access is permitted. The user will see, for example, only those workspaces or folders
that can be seen by the Workspaces
groups associated with Active
Directory
Security groups for which the user is a member.To improve performance,
BlackBerry Workspaces
caches the query response from Active
Directory
for a particular user for one hour, so subsequent queries will check the cache first. If
the information is no longer in the cache, the query will go to the Active
Directory
server.Metadata about
Active
Directory
groups, such as name and description, is updated on the associated BlackBerry Workspaces
groups once per
day.Active
Directory and sharing with BlackBerry Workspaces
Active
Directory
and sharing with BlackBerry Workspaces
BlackBerry Workspaces
Exchange users can send emails with secured attachments to Active
Directory
Distribution Groups. They cannot send to Active
Directory
Security groups or to the Active
Directory
Domain Group (of all users). Permissions for recipients of emails to access the secure
attachments are those that are explicitly set in the email or the default permissions for
sending emails (for the sender). BlackBerry Workspaces
uses Active
Directory
, in essence, as an address book to obtain the email addresses of all members of the Active
Directory
Distribution Group.