Credentials profiles deploy corporate certificates for user authentication to managed devices.


When deploying this profile for Smart Glasses configuration, there is a limit of two credentials supported.

Configure the following options to create certificate enabled profile:

  1. Navigate to Devices > Profiles & Resources > Profiles > Add > Add Profile > Android (Legacy) .

  2. Configure the profile's General settings.

    These settings determine how the profile deploys and who receives it. For more information on General settings, see Add General Profile Settings.

  3. Select the Credentials payload.
  4. Configure the Credentials settings, including:

    Settings Description
    Credential Source

    Upload a certificate from your local machine or define a Defined Certificate Authority, or upload a User Certificate.

    • If you choose to Upload a certificate, complete the following:
      • Credential Name – Enter the name of the credential or select on the information symbol to view acceptable lookup values like {EmailDomain} and {DeviceModel} to find the credential file to use.
      • CertificateUpload the new certificate or lookup values.
    • If you choose to use a Defined Certificate Authority, complete the following:
      • Certificate Authority for the Defined Certificate Authority – Select the external or internal CA issuing encryption keys for the PKI.
      • Certificate Template for the Defined Certificate Authority – Select the predefined template for the CA to use when requesting a certificate.
    • If you choose upload a User Certificate, select either S/MIME Certificate or S/MIME Encryption Certificate.
    • If you choose Derived Credentials, make sure to select the appropriate Key Usage which can be either Authentication, Signing, or Encryption.

      For more information on VMware PIV-D Manager, see Introduction to VMware PIV-D Manager.

      For more information on Derived Credentials, see VMware AirWatch Derived Credentials FAQ

  1. Navigate back to the previous payload for EAS, Wi-Fi, or VPN.

  1. Specify the Identity Certificate in the payload:

    Setting Description
    EAS Select the Identity Certificate under Login Information.
    WiFi Select a compatible Security Type (WEP Enterprise, WPA/WPA2 Enterprise or Any (Enterprise)) and select the Root Certificate under Authentication.

    Select a compatible Connection Type (for example, CISCO AnyConnect, F5 SSL) and select the Identity Certificate.

  2. Select Save & Publish after configuring the remaining settings.