Skip Navigation

Create a user credential profile to use
Entrust
smart credentials on devices

Entrust
derived smart credentials are supported by the following apps:
  • BlackBerry Dynamics
    apps on
    iOS
    devices
  • BlackBerry Dynamics
    apps on
    Android
    devices other than
    Samsung Knox Workspace
    devices
  • Apps on
    Android Enterprise
    devices that use certificates for signing, encryption, and identity authentication, such as
    BlackBerry Hub
    and supported web browsers
  • Apps on
    Samsung Knox Workspace
    devices that use certificates for signing, encryption, and identity authentication, such as the
    Samsung
    native email client and supported web browsers
BlackBerry UEM
doesn't support key history for derived smart credentials.
  1. On the menu bar, click
    Policies and Profiles
    .
  2. Click
    Certificates > User credential
    .
  3. Click The Add icon.
  4. Type a name and description for the profile. Each certificate profile must have a unique name.
  5. In the
    Certificate authority connection
    drop-down list, select the
    Entrust
    smart credential connection that you configured.
  6. In the
    Certificate type
    drop-down list, specify whether the smart credential will be used for identity authentication, signing, or encryption.
    If you want to send smart credentials to apps for more than one purpose, create additional user credential profiles.
  7. If the smart credential will be sent to
    Samsung Knox Workspace
    devices or apps other than
    BlackBerry Dynamics
    apps on
    Android Enterprise
    devices, click the
    Android
    tab and select
    Deliver to native key chain
    .
    If this setting is not selected, the smart credential can be used only by
    BlackBerry Dynamics
    apps.
  8. If the smart credential will be sent to
    BlackBerry Dynamics
    apps, click the
    BlackBerry Dynamics
    tab and perform the following actions:
    1. If you want to allow users to dismiss certificate enrollment and complete it later, select
      Allow optional certificate enrollment
      . Optional certificate enrollment is supported for
      iOS
      and
      Android
      devices for the following user credential profile types: Device (App) Based Provider, Entrust Smart Credential and Native Keystore. 
    2. If you want the device to delete duplicate credentials, select
      Delete duplicate certificates
      . The device deletes the credential that has the earliest start date.
    3. If you want the device to delete expired credentials, select
      Delete expired certificates
      .
    4. To allow all
      BlackBerry Dynamics
      apps to use the smart credentials, select
      Allow all apps to use certificates
      .
    5. To specify the
      BlackBerry Dynamics
      apps to use the smart credentials, select
      Allow specified apps to use certificates
      and click The Add icon to specify the apps. You must include
      BlackBerry UEM Client
      in the list of apps.
  9. Click
    Add
    .
  • Assign the profile to user accounts and user groups.
  • After a device receives the profile, users must log in to the
    Entrust IdentityGuard
    Self-Service Module to activate their smart credential and use the
    BlackBerry UEM Client
    to scan the QR code presented by the
    Entrust IdentityGuard
    Self-Service Module to add the smart credential to the device.
  • To remove an
    Entrust
    smart credential from a device, the user should deactivate the smart credential in the
    BlackBerry UEM Client
    before you unassign the profile or remove the certificate.