Blackberry SWD-20120924140022907 - page 314

Configure download limits for media content types, 312

To permit BlackBerry device users to access resources on your organization's network using BlackBerry devices without

requiring the users to type a user name and password each time they access the network resources, you can configure the

BlackBerry MDS Connection Service to support Integrated Windows authentication. Users can then access network

resources such as intranet sites and network shared folders on their devices using the BlackBerry Browser or Files

application without typing a user name and password.

Before you configure the BlackBerry MDS Connection Service to support Integrated Windows authentication, you must

Service must connect to. The S4U2proxy extension that the BlackBerry MDS Connection Service uses to retrieve the

Kerberos service tickets for users requires a two-way trust between Microsoft Active Directory domains.

After you turn on Integrated Windows authentication and specify a Microsoft Active Directory account in the BlackBerry

Administration Service, you must specify web address patterns for the network resources that you want to permit users to

access, create a pull rule for the web address patterns, permit access to the web address patterns using the pull rule, and

assign the pull rule to users or a group.

After you configure the BlackBerry MDS Connection Service to support Integrated Windows authentication, the BlackBerry

MDS Connection Service uses the Microsoft Active Directory account to verify login information for a user and access the

network resources on behalf of the user. The BlackBerry Enterprise Server then sends information from the network

resources to the user's device.