| Configure the BlackBerry Device Service server to authenticate through the Enterprise Authentication Mechanism utilizing a cryptographic module meeting the requirements of applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance for such authentication. |
To configure the BDS server to authenticate via Active Directory the following process can be used:
Local authentication rules are handled by the host Operating system. Remote connection via web browser can be configured to use Microsoft Active Directory authentication during the installation of the BlackBerry Device Server.
Configure permissions for the service account:
The service account is a Windows account that runs the services for the BlackBerry Device Service. On the computer that you want to install the BlackBerry Device Service on, you must configure permissions for the service account. Without the correct permissions, the BlackBerry Device Service cannot run. If your organization's environment includes the BlackBerry Enterprise Server, you can use the BlackBerry Enterprise Server service account to install the BlackBerry Device Service. If you do not have a BlackBerry Enterprise Server service account, in Microsoft Active Directory, create a service account that you name BDSAdmin.
During the installation of the BlackBerry Device Service, steps 16 and 17 describe the setup of the Active Directory login, as follows:
16. In the Microsoft Active Directory settings dialog box, specify information for the reader account that the BlackBerry Administration Service uses to authenticate with Microsoft Active Directory. By default, the setup application uses the service account that you used in step 1. If you want to use a different account as the reader account, you must specify the username, password, and Windows domain for a Microsoft Active Directory account. The account must have permission to read the user information that is stored in the global catalog servers that the BlackBerry Administration Service can access.
17. In the Create an administrator account dialog box, perform one of the following actions:
* If you select Use Microsoft Active Directory authentication, you can choose to use the Microsoft Active Directory account that you used in step 16, or you can specify the username and Windows domain for a different Microsoft Active Directory account.
* If you select Use BlackBerry Administration Service authentication, type and confirm a password for the BlackBerry Administration Service administrator account.
You use the account information that you specify to log in to the BlackBerry Administration Service for the first time.
Log in to the BlackBerry Administration Service:
When you install the BlackBerry Administration Service, you specify the credentials that you use to log in to the BlackBerry Administration Service for the first time.
1. In the browser, type "https:///webconsole/login", where is the name of the computer that hosts the BlackBerry Administration Service.
2. In the "User name" field, type your username.
3. In the "Password" field, type your password.
4. Perform one of the following actions:
* In the "Log in using" drop-down list, click "BlackBerry Administration Service".
* In the "Log in using" drop-down list, click "Active Directory" and type the Microsoft Active Directory domain in the "Domain" field.
5. Click "Log in".
6. Install the RIMWebComponents.cab add-on if you are prompted to do so.
For further details regarding the BlackBerry Device Service Installation and configuration, see the accompanying Overview Document, and the "Install the BlackBerry Device Service software" section of the BlackBerry Enterprise Service 10 BlackBerry Device Service Installation and Configuration Guide.