Create a user credential profile to use Entrust smart credentials on devices
Entrustsmart credentials on devices
Entrustderived smart credentials are supported by the following apps:
- BlackBerry Dynamicsapps oniOSdevices
- BlackBerry Dynamicsapps onAndroiddevices other thanSamsung Knox Workspacedevices
- Apps onAndroid Enterprisedevices that use certificates for signing, encryption, and identity authentication, such asBlackBerry Huband supported web browsers
- Apps onSamsung Knox Workspacedevices that use certificates for signing, encryption, and identity authentication, such as theSamsungnative email client and supported web browsers
BlackBerry UEMdoesn't support key history for derived smart credentials.
- Create a CA certificate profile to send theEntrustCA certificate to devices and assign the profile to the same users or groups that this user credential profile will be assigned to.
- On the menu bar, clickPolicies and Profiles.
- ClickCertificates > User credential.
- Click .
- Type a name and description for the profile. Each certificate profile must have a unique name.
- In theCertificate authority connectiondrop-down list, select theEntrustsmart credential connection that you configured.
- In theCertificate typedrop-down list, specify whether the smart credential will be used for identity authentication, signing, or encryption.If you want to send smart credentials to apps for more than one purpose, create additional user credential profiles.
- If the smart credential will be sent toSamsung Knox Workspacedevices or apps other thanBlackBerry Dynamicsapps onAndroid Enterprisedevices, click theAndroidtab and selectDeliver to native key chain.If this setting is not selected, the smart credential can be used only byBlackBerry Dynamicsapps.
- If the smart credential will be sent toBlackBerry Dynamicsapps, click theBlackBerry Dynamicstab and perform the following actions:
- If you want to allow users to dismiss certificate enrollment and complete it later, selectAllow optional certificate enrollment. Optional certificate enrollment is supported foriOSandAndroiddevices for the following user credential profile types: Device (App) Based Provider, Entrust Smart Credential and Native Keystore.
- If you want the device to delete duplicate credentials, selectDelete duplicate certificates. The device deletes the credential that has the earliest start date.
- If you want the device to delete expired credentials, selectDelete expired certificates.
- To allow allBlackBerry Dynamicsapps to use the smart credentials, selectAllow all apps to use certificates.
- To specify theBlackBerry Dynamicsapps to use the smart credentials, selectAllow specified apps to use certificatesand click to specify the apps. You must includeBlackBerry UEM Clientin the list of apps.
- Assign the profile to user accounts and user groups.
- After a device receives the profile, users must log in to theEntrust IdentityGuardSelf-Service Module to activate their smart credential and use theBlackBerry UEM Clientto scan the QR code presented by theEntrust IdentityGuardSelf-Service Module to add the smart credential to the device.
- To remove anEntrustsmart credential from a device, the user should deactivate the smart credential in theBlackBerry UEM Clientbefore you unassign the profile or remove the certificate.