Credentials profiles deploy corporate certificates for user authentication to managed devices.
Procedure
- Navigate to .
- Configure the profile's General settings.
- Select the Credentials payload.
- Configure the Credentials settings, including:
Settings Description Credential Source Upload a certificate from your local machine or define a Defined Certificate Authority, or upload a User Certificate.
- If you choose to Upload a certificate, complete the following:
- Credential Name – Enter the name of the credential or select on the information symbol to view acceptable lookup values like {EmailDomain} and {DeviceModel} to find the credential file to use.
- Certificate – Upload the new certificate or lookup values.
- If you choose to use a Defined Certificate Authority, complete the following:
- Certificate Authority for the Defined Certificate Authority – Select the external or internal CA issuing encryption keys for the PKI.
- Certificate Template for the Defined Certificate Authority – Select the predefined template for the CA to use when requesting a certificate.
- If you choose upload a User Certificate, select either S/MIME Certificate or S/MIME Encryption Certificate.
-
If you choose Derived Credentials, make sure to select the appropriate Key Usage which can be either Authentication, Signing, or Encryption.
- If you choose to Upload a certificate, complete the following:
- Navigate back to the previous payload for EAS, Wi-Fi, or VPN.
- Specify the Identity Certificate in the payload:
Setting Description EAS Select the Identity Certificate under Login Information. WiFi Select a compatible Security Type (WEP Enterprise, WPA/WPA2 Enterprise or Any (Enterprise)) and select the Root Certificate under Authentication. VPN Select a compatible Connection Type (for example, CISCO AnyConnect, F5 SSL) and select the Identity Certificate.
- Select Save & Publish after configuring the remaining settings.
