4.
In the
Login domain
section, in the
Single sign-on authentication for BlackBerry Administration Service turned on
drop-down list, click
Yes.
5.
To configure the Microsoft Active Directory account for each forest, in the
Account forest name
section, type the user
domain name, user name, and password for the Microsoft Active Directory account.
6.
Click
Save all
.
7.
In the Windows Services, restart all of the BlackBerry Enterprise Server services.
8.
Instruct all administrators and device users to add the web addresses for the BlackBerry Administration Service and
BlackBerry Web Desktop Manager to the list of web sites in the local intranet zone and install the certificate for the
BlackBerry Administration Service or BlackBerry Web Desktop Manager in the certificate store of their computers.
BlackBerry Administration Service web addresses and
BlackBerry Web Desktop Manager web addresses that
support BlackBerry Administration Service single sign-
on
If you configure BlackBerry Administration Service single sign-on, you must instruct administrators and BlackBerry Web
Desktop Manager users to access the BlackBerry Administration Service console and BlackBerry Web Desktop Manager
using the following web addresses:
• https://
<BAS_pool_FQDN>
/webconsole/login
• https://
<BAS_pool_FQDN>
/webdesktop/login
Single-sign authentication takes precedence over other authentication methods that permit administrators and users to log
in to the BlackBerry Administration Service console or BlackBerry Web Desktop Manager. If the security policies in your
organization require that administrators or users use another authentication method, you must instruct administrators or
users to access the BlackBerry Administration Service console or BlackBerry Web Desktop Manager using the following
web addresses:
• https://
<BAS_pool_FQDN>
/webconsole/app
• https://
<BAS_pool_FQDN>
/webdesktop/app
For example, the security policies in your organization might require that administrators log in using BlackBerry
Administration Service single sign-on and BlackBerry Web Desktop Manager users log in using IBM
®
Lotus Notes
®
user
names and passwords. In this scenario, you can instruct administrators to log into the BlackBerry Administration Service
console using the web address https://
<BAS_pool_FQDN>
/webconsole/login and instruct BlackBerry Web Desktop
Manager users to log in to BlackBerry Web Desktop Manager using the web address https://
<BAS_pool_FQDN>
/
webdesktop/app.
Administration Guide
Changing the security settings of the BlackBerry Administration Service and BlackBerry Web Desktop
Manager
271