When ADFS is not accessible outside of the work network, attempts to use 

Office 365

 modern authentication may fail in 

BlackBerry Work

, Notes, and Tasks

When ADFS is not accessible outside of the work network, attempts to use modern authentication may fail, especially for 

Android

 devices, and  

BlackBerry Work

 may display a blank white screen for a long time.

BlackBerry Work

 requires a valid path to the ADFS server. The required network path depends on whether ADFS is published externally and what routing rules are configured in the BlackBerry Dynamics Connectivity profile. 

Android

 devices also require additional configuration to allow connectivity to ADFS servers that are hosted internally and not published externally. These steps are not required if your ADFS servers are published externally.

For ADFS servers hosted internally, complete the following steps.

 

Update the app configuration settings 

 

In the 
BlackBerry UEM
 console, navigate to 
Apps > BlackBerry Work
.
Select the app configuration that you need to update.
Select the 
Advanced Settings 
tab.
Check 
Proxy Office 365 Modern Authentication requests 
(Android only).
Save settings.

Update the WIASupportedUserAgent string

If ADFS is configured to allow 

Windows

 Integrated Authentication for internal connections, it may be necessary to modify the 'WIASupportedUserAgent' property on ADFS. Depending on your configuration, 

BlackBerry Work

 can be configured to use Forms Based authentication instead. For information on how to set this value, see Configure single sign-on for BlackBerry Dynamics apps in BlackBerry UEM. 

 

Note

: Generally, it is recommended that you use forms based authentication. 

Windows

 Integrated Authentication is not directly supported by 

BlackBerry Work

. However, WIA can be used if Kerberos Constrained Delegation is also configured. For more information on implementing KCD with 

BlackBerry Work

, see  http://support.blackberry.com/kb/articleDetail?articleNumber=000046407.