As an admin, configure Workspace ONE Boxer to support Purebred as a certificate source for the managed Android devices.
You can determine how Workspace ONE Boxer can use the Purebred Registration application as a source for derived credential certificates. To do so, you must configure Boxer using the Workspace ONE UEM console version 2003 or below with the following key-value pair.
- PolicyDerivedCredentials - Enable this key to use the Purebred Registration application as a certificate source for Certificate-based authentication (CBA).
- PolicyDerivedCredentialsSMIME - Enable this key to use the Purebred Registration application as a certificate source for the S/MIME certificates (signing or encryption).
- Enable Purebred for Certificate-based authentication.
- In the Boxer Assignment screen, navigate to
- Set the authentication type to Certificate.
- Select Purebred as Derived Credentials.
- Enable Purebred for S/MIME certificates.
- Navigate to Derived Credentials. and add the certificate source as
- Select Purebred as an issuer name.
Verifying Purebred Registration Application
Android has the ability to install applications through sideloading, which can be an easy way for any unauthorized application to act as Purebred and get installed on the device. To mitigate such security risk, you can configure Workspace ONE Boxer to authenticate the Purebred Registration application using the Purebred public signing key. To do so, you must enable the AppPurebredPublicKey KVP in the Workspace ONE UEM console. When enabled, this key can easily override the signing key because Purebred is a non-Play Store application.