Now that the SecureAuth certificate authority and certificate template settings have been properly configured in Workspace ONE UEM, the final step is to configure Workspace ONE UEM profiles (payloads) for either PKI or SCEP. If in Retrieving Certificate from SecureAuth certificate authority, you chose PKI then you only need to configure a Credentials profile. Once either of these profiles are created, you can create additional payloads that the SecureAuth certificate can use, such as Exchange ActiveSync (EAS), VPN, or Wi-Fi services.
Configure a PKI Credential Payload
- Navigate to Devices > Profiles > List View.
- Click Add.
- Select the applicable platform for the device type.
- Specify all General profile parameters for organization group, deployment type, etc.
- Select Credentials from the payload options.
- Click Configure.
- Select Defined Certificate Authority from the Credential Source drop-down menu.
- Select the external SecureAuth CA you created previously in Retrieving Certificate from SecureAuth Certificate Authority from the Certificate Authority drop-down menu.
Select the certificate template for SecureAuth you created previously in Setup Certificate Template for SecureAuth CA Type from the Certificate Template drop-down menu.
At this point, Saving and Publishing the profile would deploy a certificate to the device. However, if you plan on using the certificate on the device for Wi-Fi, VPN, or email purposes, then you should also configure the respective payload in the same profile to leverage the certificate being deployed. For step-by-step instructions on configuring these payloads, refer to the applicable Platform Guides.