Skip Navigation
  1. BlackBerry Docs
  2. BlackBerry UEM 12.16
  3. Administration
  4. Securing connections using PKI
  5. Sending certificates to devices and apps using profiles
  6. Sending client certificates to devices and apps using user credential profiles
  7. Create a user credential profile to use Entrust smart credentials on devices

Create a user credential profile to use
Entrust
 smart credentials on devices

Entrust
 derived smart credentials are supported by the following apps:
  • BlackBerry Dynamics
     apps on
    iOS
     devices
  • BlackBerry Dynamics
     apps on
    Android
     devices other than
    Samsung Knox Workspace
     devices
  • Apps on
    Android Enterprise
     devices that use certificates for signing, encryption, and identity authentication, such as
    BlackBerry Hub
     and supported web browsers
  • Apps on
    Samsung Knox Workspace
     devices that use certificates for signing, encryption, and identity authentication, such as the
    Samsung
     native email client and supported web browsers
BlackBerry UEM
 doesn't support key history for derived smart credentials.
  1. On the menu bar, click
    Policies and Profiles
    .
  2. Click
    Certificates > User credential
    .
  3. Click The Add icon.
  4. Type a name and description for the profile. Each certificate profile must have a unique name.
  5. In the
    Certificate authority connection
     drop-down list, select the
    Entrust
     smart credential connection that you configured.
  6. In the
    Certificate type
     drop-down list, specify whether the smart credential will be used for identity authentication, signing, or encryption.
    If you want to send smart credentials to apps for more than one purpose, create additional user credential profiles.
  7. If the smart credential will be sent to
    Samsung Knox Workspace
     devices or apps other than
    BlackBerry Dynamics
     apps on
    Android Enterprise
     devices, click the
    Android
     tab and select
    Deliver to native key chain
    .
    If this setting is not selected, the smart credential can be used only by
    BlackBerry Dynamics
     apps.
  8. If the smart credential will be sent to
    BlackBerry Dynamics
     apps, click the
    BlackBerry Dynamics
     tab and perform the following actions:
    1. If you want to allow users to dismiss certificate enrollment and complete it later, select
      Allow optional certificate enrollment
      . Optional certificate enrollment is supported for
      iOS
       and
      Android
       devices for the following user credential profile types: Device (App) Based Provider, Entrust Smart Credential and Native Keystore. 
    2. If you want the device to delete duplicate credentials, select
      Delete duplicate certificates
      . The device deletes the credential that has the earliest start date.
    3. If you want the device to delete expired credentials, select
      Delete expired certificates
      .
    4. To allow all
      BlackBerry Dynamics
       apps to use the smart credentials, select
      Allow all apps to use certificates
      .
    5. To specify the
      BlackBerry Dynamics
       apps to use the smart credentials, select
      Allow specified apps to use certificates
       and click The Add icon to specify the apps. You must include
      BlackBerry UEM Client
       in the list of apps.
  9. Click
    Add
    .
  • Assign the profile to user accounts and user groups.
  • After a device receives the profile, users must log in to the
    Entrust IdentityGuard
     Self-Service Module to activate their smart credential and use the
    BlackBerry UEM Client
     to scan the QR code presented by the
    Entrust IdentityGuard
     Self-Service Module to add the smart credential to the device.
  • To remove an
    Entrust
     smart credential from a device, the user should deactivate the smart credential in the
    BlackBerry UEM Client
     before you unassign the profile or remove the certificate.