- Introducing BlackBerry Workspaces administration console
- Getting started
- Managing resources using Central Management
- Locate entities in Central Management
- Managing users
- Managing workspaces
- Managing distribution lists
- Managing permissions
- Managing documents
- Provisioning users and devices
- Provisioning roles by email domain
- Provisioning roles using Active Directory
- Managing blocked users
- Managing BlackBerry Workspaces apps
- Configuring integrations
- Managing content connectors
- Managing SharePoint protectors
- Managing Windows File Share connectors
- Managing the Workspaces Email Protector
- Enable Office Online integration
- Managing the DocuSign integration
- Managing the Dropbox connector
- Managing the iManage connector
- Workspaces Connector for BEMS
- Setting security policies
- Set file policies
- Set mobile policies
- Set sharing policies
- Set sync policies
- Bring Your Own Key (BYOK)
- Set watermarks as an organizational policy
- Generating logs and reports
- Generate a user activity report
- Generate a workspace activity report
- Generate an audit log
- Generate a licensing report
- Generating usage reports
- Generating storage reports
- Generate an organization activities report
- Generate an authentication activities report
- Configuring BlackBerry Workspaces
- Managing authentication
- Automatically authenticate a user
- Block unprovisioned users from creating accounts
- Configure browser inactivity timeout
- Configure the organization authentication method
- About email authentication
- About username and password authentication
- 1.1About Microsoft Active Directory authentication
- About BlackBerry Enterprise Identity authentication
- About OAuth integration with third-party providers
- About multimode authentication
- About BlackBerry Dynamics authentication
- Simplified login process for internal users
- Configure service accounts
Configure an Active
BlackBerry Workspacesserver will be working with a
Microsoft Active Directoryserver on your organization’s network, you must set parameters for the connection between these servers.
For appliance customers, using a valid signed certificate for
Active DirectoryFQDN is recommended. If you are using a self-signed certificate, contact support for help to manually importing the root and intermediate certificates to the server.
For cloud customers that connect to a local
Active Directoryserver, a valid signed certificate must be used.
- In the left pane, clickRoles by Active Directory.
- Do one of the following:
- If this is the first time you are configuring anActive Directoryconnection in your organization, proceed to step 3.
- If you already have a configured connection, click > .
- SelectEnable provisioning of Active Directory Users and Groups, and set the following:
- Expose Active Directory Users with the following email domains: set names of domains of users who will be able to query theActive Directory.
- Active Directory Server Addresses: set up to three IP address(es) of the DNS server of theActive Directorydomain.
- Port: set the port of theActive Directoryserver. Default value is 389, the LDAP port.
- Base DN: set the base Distinguished Name in theActive Directorytree that will be exposed to theWorkspacesserver (for example, if only part of theActive Directorytree will be accessible to theWorkspacesserver).
- Username to connect to Active Directory: set the username in theActive Directoryby which theWorkspacesserver can connect.
- Password to connect to Active Directory: set the password for the above user.
- This is a global catalog server: set the server as a global catalog server. When enabling this option, make sure that the server port is set to match that of the global catalog port (by default).3268
- ClickApplyto test the parameters against the server to verify them.
- Repeat the above steps for all connections. There can be multiple connections to the sameActive Directoryserver, but each connection must connect to different parts of the tree. There can also be connections to multipleActive Directoryservers.
- To verify a connection, clickVerify.
- To remove a connection, clickDelete.