Prerequisites
- Install all BlackBerry Enterprise Service 10 instances in the same Microsoft Active Directory network.
- Configure the BlackBerry Device Service and the Universal Device Service to connect to Microsoft Active Directory. Ensure that the BlackBerry Device Service and the Universal Device Service use the same connectivity settings to Microsoft Active Directory.
- Configure the consoles to use Microsoft Active Directory authentication.
- Create a Microsoft Active Directory account in the User Account forest. This account can be a basic Microsoft Active Directory Domain user account (for example, it can be an LDAP reader account). This account does not require additional permissions, such as the permissions that the account used to run BlackBerry Enterprise Service 10 services requires, and it does not require access to Microsoft Exchange objects.
- Configure the browsers used by administrators and BES10 Self-Service
users as follows:
- Integrated Windows Authentication turned on
- The BlackBerry Administration Service, Administration Console, BlackBerry Management Studio, and BES10 Self-Service URLs assigned to the local intranet zone
- The certificates for the BlackBerry Enterprise Service 10 consoles installed in the certificate store