Skip Navigation

Create a user credential profile to use 
Entrust
 smart credentials on devices

Entrust
 derived smart credentials are supported by the following apps:
  • BlackBerry Dynamics
     apps on 
    iOS
     devices
  • BlackBerry Dynamics
     apps on 
    Android
     devices other than 
    Samsung KNOX Workspace
     devices
  • Apps on 
    Android Enterprise
     devices that use certificates for signing, encryption, and identity authentication, such as 
    BlackBerry Hub
     and supported web browsers
  • Apps on 
    Samsung KNOX Workspace
     devices that use certificates for signing, encryption, and identity authentication, such as the 
    Samsung
     native email client and supported web browsers
BlackBerry UEM
 doesn't support key history for derived smart credentials.
  1. On the menu bar, click 
    Policies and Profiles
    .
  2. Click 
    Certificates > User credential
    .
  3. Click  .
  4. Type a name and description for the profile. Each certificate profile must have a unique name.
  5. In the 
    Certification authority connection
     drop-down list, select the 
    Entrust
     smart credential connection that you configured.
  6. In the 
    Certificate type
     drop-down list, specify whether the smart credential will be used for identity authentication, signing, or encryption.
    If you want to send smart credentials to apps for more than one purpose, create additional user credential profiles.
  7. If the smart credential will be sent to 
    Samsung KNOX Workspace
     devices or apps other than 
    BlackBerry Dynamics
     apps on 
    Android Enterprise
     devices, click the 
    Android
     tab and select 
    Deliver to native key chain
    .
     If this setting is not selected, the smart credential can be used only by 
    BlackBerry Dynamics
     apps.
  8. If the smart credential will be sent to 
    BlackBerry Dynamics
     apps, click the 
    BlackBerry Dynamics
     tab and perform the following actions:
    1. If you want the device to delete duplicate credentials, select 
      Delete duplicate certificates
      . The device deletes the credential that has the earliest start date.
    2. If you want the device to delete expired credentials, select 
      Delete expired certificates
      .
    3. To allow all 
      BlackBerry Dynamics
       apps to use the smart credentials, select 
      Allow all apps to use certificates
      .
    4. To specify the 
      BlackBerry Dynamics
       apps to use the smart credentials, select 
      Allow specified apps to use certificates
       and click   to specify the apps. You must include 
      BlackBerry UEM Client
       in the list of apps.
  9. Click 
    Add
    .
  • Assign the profile to user accounts and user groups.
  • After a device receives the profile, users must log in to the 
    Entrust IdentityGuard
     Self-Service Module to activate their smart credential and use the 
    BlackBerry UEM Client
     to scan the QR code presented by the 
    Entrust IdentityGuard
     Self-Service Module to add the smart credential to the device.
  • To remove an 
    Entrust
     smart credential from a device, the user should deactivate the smart credential in the 
    BlackBerry UEM Client
     before you unassign the profile or remove the certificate.