Configure an Active Directory connection

If the BlackBerry Workspaces server will be working with a Microsoft Active Directory server on your organization’s network, you must set parameters for the connection between these servers. For appliance customers, using a valid signed certificate for the Active Directory FQDN is recommended. If you are using a self-signed certificate, contact support for help with manually importing the root and intermediate certificates to the server. For cloud customers that connect to a local Active Directory server, a valid signed certificate must be used.

1. In the left pane, click Roles by Active Directory.
2. Do one of the following:
   - If this is the first time you are configuring an Active Directory connection in your organization, proceed to step 3.
   - If you already have a configured connection, click > .
3. Select Enable provisioning of Active Directory Users and Groups, and set the following:
   - Expose Active Directory Users with the following email domains: set the names of the domains of users who will be able to query the Active Directory.
   - Active Directory Server Addresses: set up to three IP address(es) of the DNS server of the Active Directory domain.
   - Port: set the port of the Active Directory server. Default value is 389, the LDAP port.
   - Base DN: set the base Distinguished Name in the Active Directory tree that will be exposed to the Workspaces server (for example, if only part of the Active Directory tree will be accessible to the Workspaces server).
   - Username to connect to Active Directory: set the username in the Active Directory by which the Workspaces server can connect.
   - Password to connect to Active Directory: set the password for the above user.
   - This is a global catalog server: set the server as a global catalog server. When enabling this option, make sure that the server port is set to match that of the global catalog port (3268 by default).
4. Click Apply to test the parameters against the server to verify them.
5. Repeat the above steps for all connections. There can be multiple connections to the same Active Directory server, but each connection must connect to different parts of the tree. There can also be connections to multiple Active Directory servers.
6. To verify a connection, click Verify.
7. To remove a connection, click Delete.
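A planned set of connections can be checked against the constraints above before it is entered in the console. The following is an added example, not BlackBerry code: the dictionary field names and sample values are hypothetical, and it assumes that "different parts of the tree" means no base DN may equal or sit beneath another on the same server.

```python
import ipaddress
import itertools
import re

GLOBAL_CATALOG_PORT = 3268  # default global catalog port stated on the page
MAX_ADDRESSES = 3           # the page allows up to three server addresses

def parse_dn(dn):
    """Split a DN into lowercased RDNs; raise ValueError if one is malformed."""
    rdns = [part.strip().lower() for part in re.split(r"(?<!\\),", dn)]
    for rdn in rdns:
        if not re.fullmatch(r"[a-z][a-z0-9-]*\s*=\s*\S.*", rdn):
            raise ValueError(f"malformed RDN {rdn!r} in base DN {dn!r}")
    return [re.sub(r"\s*=\s*", "=", rdn, count=1) for rdn in rdns]

def overlaps(a, b):
    """True if one parsed base DN equals the other or sits beneath it."""
    short, long_ = sorted((a, b), key=len)
    return long_[len(long_) - len(short):] == short

def check_connections(conns):
    """Return findings for a list of connection dicts (empty list: no issues)."""
    findings, parsed = [], {}
    for c in conns:
        name, addrs = c["name"], c["addresses"]
        if not 1 <= len(addrs) <= MAX_ADDRESSES:
            findings.append(f"{name}: {len(addrs)} addresses, expected 1 to {MAX_ADDRESSES}")
        for addr in addrs:
            try:
                ipaddress.ip_address(addr)
            except ValueError:
                findings.append(f"{name}: {addr!r} is not an IP address")
        if c["global_catalog"] and c["port"] != GLOBAL_CATALOG_PORT:
            findings.append(f"{name}: global catalog set but port is {c['port']}")
        try:
            parsed[name] = (set(addrs), parse_dn(c["base_dn"]))
        except ValueError as err:
            findings.append(f"{name}: {err}")
    for (n1, (s1, d1)), (n2, (s2, d2)) in itertools.combinations(parsed.items(), 2):
        if s1 & s2 and overlaps(d1, d2):
            findings.append(f"{n1}/{n2}: base DNs overlap on a shared server")
    return findings

# Constructed sample input: names, addresses and DNs are made up for illustration.
SAMPLE = [
    {"name": "staff", "addresses": ["10.0.0.10"], "port": 389, "global_catalog": False, "base_dn": "OU=Staff,DC=example,DC=com"},
    {"name": "emea", "addresses": ["10.0.0.10"], "port": 389, "global_catalog": True, "base_dn": "ou=EMEA, ou=Staff, dc=example, dc=com"},
    {"name": "partners", "addresses": ["10.0.0.10", "10.0.0.11", "10.0.0.12", "dc1.example.com"], "port": 3268, "global_catalog": True, "base_dn": "OU=Partners,DC=example,DC=com"},
]
```

Calling `check_connections(SAMPLE)` returns one finding per violated constraint; an empty list means the planned values are consistent with the rules described above.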