1. Select Microsoft ADCS as the Authority Type and enable Restricted Enrollment Agent.

    The User name and Password entered here require administrative access to the certificate authority server as mentioned in the prerequisites.

  2. Upload the public key file (.cer) exported in previous steps.

  3. Click Save.

Configure the Request Template

  1. Set the Issuing Template to either a default template or the template configured in “Configuring a Custom User Template.”
  2. Set the Requester Name to { EmailDomain}\{ EnrollmentUser} for best results. AD configuration in Workspace ONE UEM is required to populate the look up values accurately.

    Only user-specific lookup values are configurable in the requester name. Device-specific lookup values are not supported.

  3. Click Save.

    This CA and template combination can be used in any profile in the credentials payload and associated with wifi, email, or VPN payloads.