Skip Navigation

Specify the certificate used by an app using a certificate mapping profile

For
Android
devices, you can use a certificate mapping profile to specify the client certificates that apps use. The certificate mapping profile is not supported for
BlackBerry Dynamics
apps.
Certificate mapping profiles allow you to specify the certificates that
Android
apps use. You can require an app to use a certificate sent to the device by a SCEP, user credential, or shared certificate profile. You can use a certificate with one or more specified apps or all managed apps. You can also specify whether an app uses a certificate any time that one is required, or only for connections to a specific URI.
Multiple certificate mappings can be specified in a single profile. Only one certificate mapping profile can be assigned to a user.
Create any SCEP, user credential, or shared certificate profiles required to send certificates to devices and assign the profiles to users or groups.
  1. On the menu bar, click
    Policies and profiles > Certificates > Certificate mapping
    .
  2. Click The Add icon.
  3. Type a name and description for the profile.
  4. In the mapping table, click The Add icon.
  5. Under
    Destination URI
    , select one of the following options:
    • Select
      None
      if the app won’t use the certificate to authenticate a connection with a resource.
    • Select
      Any
      if the app can use the certificate to authenticate a connection with any resource.
    • Select
      Specified host:port
      and type the host and port if the app can use the certificate to authenticate with a specific resource.
  6. Under
    App certificate
    , perform one of the following actions:
    • To specify that the app must use a certificate sent to the device by another profile, select
      Selected certificate
      and click the profile name from the drop-down list.
    • To specify that the app must use a certificate sent to the device by a third-party source, select
      Certificate alias
      and type the alias for the certificate.
    • To specify that the app must use a certificate sent to the device by another profile, select
      Selected certificate
      and click the profile name from the drop-down list.
  7. Under
    Allowed apps for destination URI
    , perform one of the following actions:
    • To allow any managed app to request the specified certificate, select
      Any apps in workspace
      .
    • To allow only specified apps to request the certificate, select
      Specified apps
      and click The Add icon to specify one or more apps.
  8. If necessary, repeat steps 5 to 8 to add to additional mappings to the profile.
  9. Click
    Add
    .
  • Assign the profile to user accounts and user groups.
  • If you create more than one certificate mapping profile, rank the profiles as necessary. Select a profile and click The Rank icon to move the profile up or down the ranking. Click
    Save