System requirements
Steps to set up Office 365 modern authentication for BlackBerry Dynamics apps
Enable modern authentication for the Mail service in BEMS
Enable modern authentication for the Docs service in BEMS
- Configuring Docs for Rights Management Services
  - Steps to deploy Azure IP Rights Management Services support for the Docs service
- Enable modern authentication for the SharePoint storage service
Configure BlackBerry Work for iOS and Android app settings for Office 365 modern authentication
- Obtain an Azure app ID for BlackBerry Work
Configure BlackBerry Work for Windows and macOS app settings for Office 365 modern authentication
- Obtain an Azure app ID for BlackBerry Work for Windows and macOS
Configure BlackBerry Notes and BlackBerry Tasks app settings for Office 365 modern authentication
- Obtain an Azure app ID for BlackBerry Tasks and BlackBerry Notes
Additional configuration options
- Configure single sign-on for BlackBerry Dynamics apps in BlackBerry UEM
Troubleshooting

Configure the
Docs
security settings

Docs

security settings control acceptable

Microsoft SharePoint Online

domains, the URL of the approved

Microsoft Office Web Apps

(OWAS), the appropriate LDAP domains to use, whether you want to use Kerberos constrained delegation for user authentication, and

Azure

-IP authentication. Delegation allows a service to impersonate a user account to access resources throughout the network. Constrained delegation limits this trust to a select group of services explicitly specified by a domain administrator.

Verify that one or more of the following are configured in your environment:

Kerberos constrained delegation for the

BlackBerry Docs

service is configured in your environment. For instructions, see Configuring Kerberos constrained delegation for the Docs service.

Resource-based Kerberos constrained delegation for the

BlackBerry Docs

service is configured in your environment. For instructions, see Configuring resource based Kerberos constrained delegation for the Docs service.

Your environment is configured to use

Azure

-IP, have the following information. For instructions, see Obtain the Azure IP authentication information for the Docs service.

BPOS TenantID

Symmetric Key

AppPrincipalID

Azure

Tenant Name

BEMS

Service

Azure

Application ID

BEMS

Service

Azure

Application Key

In the

BlackBerry Enterprise Mobility Server Dashboard

, under

BlackBerry Services Configuration

, click

Docs

Click

Settings

Select the

Enable Kerberos Constrained Delegation

checkbox to allow

Docs

to use Kerberos constrained delegation.

Separated by a comma, enter each of the

Microsoft SharePoint Online

domains you plan to make available. For more information, see Configuring support for Microsoft SharePoint Online and Microsoft OneDrive for Business.

Enter the URL for your approved

Office Web App Server

Provide your

Microsoft Active Directory

user domains (separated by commas), then enter the corresponding

LDAP Port

. LDAP (Lighweight Directory Access Protocol) is used to look up users and their membership in user groups.

Select the

Use SSL for LDAP

checkbox for secure communication with your

Microsoft Active Directory

servers.

Add the

Workspaces Public Key

. Adding the public key allows

BEMS

and the

BlackBerry Workspaces

server to communicate with each other. For more information about locating the public key, contact

BlackBerry Technical Support Services

Select the

Enable Azure Information Protections

check box to allow

Docs

to authenticate to

Azure

-IP. Complete the required fields to authenticate

Docs

Azure

-IP to allow the

Docs

to decrypt protected documents and confirm the rights any given user has on a document.

Click

Save

Restart the

Good Technology Common Services

for the changes to take effect.

Section:

Steps to deploy Azure IP Rights Management Services support for the Docs service

Configure the Docs security settings

Configure the
Docs
security settings