Now that the GlobalSign certificate authority and certificate template settings have been properly configured in Workspace ONE UEM, the final step is to configure Workspace ONE UEM profiles (payloads). Once either of these profiles is created, you can create additional payloads that the GlobalSign certificate can use, such as Exchange ActiveSync (EAS), VPN, or Wi-Fi services.

Configure a PKI Credential Payload

  1. Navigate to Devices > Profiles > List View.
  2. Click Add.
  3. Select the applicable platform for the device type.
  4. Specify all General profile parameters for organization group, deployment type, etc.
  5. Select Credentials from the payload options.
  6. Click Configure.
  7. Select Defined Certificate Authority from the Credential Source drop-down menu.
  8. Select the external GlobalSign CA you created previously in Step 1 Configure GlobalSign Certificate Authority from the Certificate Authority drop-down menu.
  9. Select the certificate template for GlobalSign you created previously in Step 2 Set Up Certificate Template for GlobalSign CA Type from the Certificate Template drop-down menu.

At this point, saving and publishing the profile would deploy a certificate to the device. However, if you plan on using the certificate on the device for Wi-Fi, VPN, or email purposes, then you should also configure the respective payload in the same profile to leverage the certificate being deployed. For step-by-step instructions on configuring these payloads, refer to the applicable Platform Guides.