Sending client certificates to devices and apps using user credential profiles
User credential profiles allow devices to use client certificates obtained by the following methods:
- Manually uploading certificates to theBlackBerry UEMmanagement console or, in an on-premises environment, toBlackBerry UEM Self-Service
- An established connection betweenBlackBerry UEMand your organization’sEntrustCA orOpenTrustCA
- ForBlackBerry Dynamicsapps onAndroiddevices, certificates stored in the device native keystore
- ForBlackBerry Dynamicsapps, through an establishedBlackBerry DynamicsPKI connector connection
- ForBlackBerry Dynamicsapps, using an app-based PKI solution such asPurebred.
If users manually upload certificates in
UEM Self-Service
, you can see the certificate on the user page in the management console. You can also delete or replace the certificate. This feature is not supported in BlackBerry UEM Cloud
. User credential profiles are supported on
iOS
and Android
devices. App-based PKI solutions are supported for BlackBerry
Dynamics
apps on iOS
and Android
devices. Manually uploading certificates is supported for iOS
, Android Enterprise
, and Samsung Knox Workspace
.For more information about connecting
BlackBerry UEM
to your organization's PKI software, see Integrating BlackBerry UEM with your organization's PKI software.Alternatively, you can use SCEP profiles to enroll client certificates to devices. You can also upload certificates directly to a user account. The type of profile you choose depends on how your organization uses the PKI software, the types of devices your organization supports, and how you want to manage certificates.