After you set up the OpenTrust Application, you need to configure the OpenTrust Mobile Management Profile to point to one or more OpenTrust Applications. This completes the process by connecting all the points needed by OpenTrust to enroll devices submitted by AirWatch. A Mobile Management Profile essentially represents a list of one or more certificates linked together which will be retrieved by AirWatch and deployed on a given mobile device.

For example, one profile contains a single certificate for VPN users; one profile containing two certificates for S/MIME users; or one do-it-all profile containing authentication, signing, and encryption certificates. A Mobile Management Profile links all of these certificates together. When users enroll against a profile they get all the defined certificates in one go. Note that AirWatch supports only one credential per mobile management profile.

  1. Click the Create a new Mobile Management Profile drop-down arrow.
  2. Select MDM from the list.


    You can select Agent supported (BlackBerry), Generic, MDM, and iOS from the drop-down list. Since the configuration of all selection are similar, except for the addition configuration of Wi-Fi, Exchange, and VPN if you select iOS, and this guide is only intended to provide guidance through some examples, we chose the most common selection – MDM. For more detailed information, refer to your OpenTrust manual, or call their technical support.


  3. Click Create. The Edit a Mobile Management Profile - MDM window appears.


  4. Enter appropriate information in the Name, Description, and Title fields and then check the appropriate Application checkbox for the Public Key Infrastructure or CA Certificate you want to associate to the Profile.

  5. Click the Enrollment tab.


  6. Click the Identification Method drop-down arrow and select one method from the list. This allows you to choose any of the Internal Datasources that were previously created. Select the main datasource that was declared in Applications.

  7. Click the Revocation tab.


  8. Click to select the Revocation by an Administrator checkbox if you want to allow administrators to revoke this profile.

  9. Click Save. This saves the profile and completes the connection between the Datasource, Application, and Mobile Management Profile.