Configuring Kerberos constrained delegation for Docs
Configuring the Docs service to use Kerberos constrained delegation (KCD) for accessing resources such as Microsoft SharePoint and File Shares removes the requirement for end-users to provide their network credentials to access to network resources using the Docs service.
Before configuring the Docs service to use KCD, it is important to understand that configuring KCD for Docs service is independent of configuring BlackBerry Dynamics KCD. This means, for example, that if your mobile app (for example, BlackBerry Work) requires use of the Docs service exclusively, you only need to configure KCD for the Docs service.
For example, the following diagram charts a sample KCD call flow for BlackBerry Work.
All KCD transactions are between the Docs service account and the key distribution center (KDC) and respective resources. No KCD information is cached on the mobile app. The Docs service uses Microsoft’s Service for User (S4U) specifications for KCD. For more information on S4U, visit the MSDN Library to see: https://msdn.microsoft.com/en-us/library/cc246071.aspx.