BlackBerry is beta testing a BlackBerry Hub+ Services configuration for users in Office 365 that utilize Modern Authentication. Modern Authentication simplifies authentication for developers by providing identity as a service (IaaS), with support for industry-standard protocols such as OAuth 2.0.
Any app that wants to outsource authentication to Azure AD must first be registered in Azure AD, which registers and uniquely identifies the app in the directory, with an App ID.
You can use the managed configurations for BlackBerry Hub+ Services to configure email settings and preferences for BlackBerry Hub+ Services users in your organization.
If you manage your company’s devices with BlackBerry UEM version 12.7 or later, these email settings are removed from the Email profile section, and found in the BlackBerry Hub+ Services app settings. If you configure settings in the Email profile section and in the app settings, the app settings take precedence if both are assigned.
Step 1: Azure Console – Add application
- Setup the application in Azure console in the normal manner.
- Name: (select descriptive name for BlackBerry Hub, this is used by the IT administrator, and has no impact on the application)
- Application type: select “Native”
- Redirect link.
- Note the “Application ID”, this will be used to enter into UEM managed configuration for BlackBerry Hub+ Services.
Step 2: Azure Console – Configure a client application to access web APIs – Section 5 (permissions)
- Select API: Microsoft Graph
- Select Permissions: “Sign in an read user profile” under “Delegated Permissions”
- Select API: Office 365 Exchange Online
- Select Permissions: Access mailboxes via Exchange ActiveSync
Step 3: Azure Console – Assign users or groups the added BlackBerry Hub+ Services application
Step 4: UEM Console – Setup BlackBerry Hub+ Services through the managed configuration
- Ensure that UEM 12.7 or later is used to access managed configurations – follow additional instructions to push application to users.
- Ensure that you’re on Hub+ Services version 1.6.1 or later.
- While setting up BlackBerry Hub+ Services managed configuration fields, you’ll also find “OAuth authentication: Client ID”. This is where you’ll enter the “Application ID” from Azure Console when you registered BlackBerry Hub.
Step 5: User device client setup (BlackBerry Hub)
Once the UEM managed account is pushed to the user, they’ll get a notification to log in. During the account setup they’ll be automatically brought to the Azure login screen.