
Creating user credential profiles for app-based certificates

App-based PKI solutions such as Purebred include an app installed on a device that communicates with a CA to enroll certificates and add them to the device. You can use an app-based PKI solution to provide certificates for use by BlackBerry Dynamics apps.
To use an app-based PKI solution with iOS devices, you must add a connection between BlackBerry UEM and the PKI provider. This task is not required to use an app-based PKI solution with Android devices.
If the PKI app that retrieves certificates from the CA is not a BlackBerry Dynamics app, the BlackBerry UEM Client communicates with the PKI app to get the certificates and provide them to BlackBerry Dynamics apps.
If you send more than one certificate to devices using this method, it is recommended that you set up multiple user credential profiles, with each profile using a different type of certificate. If you use a single profile instance for multiple certificates, there is no indication if any certificates are missing. For example, if a profile includes separate encryption, signing, and authentication certificates and only the signing and authentication certificates are imported, it appears on the device that the import was successful even though the encryption certificate is missing. However, if you set up three separate user credential profiles and the encryption certificate is missing, the issue is apparent.
Some of the steps required to use your organization's app-based PKI solution are necessary only if you use the solution with iOS devices.
Step    Action
Step 1  To use an app-based PKI solution with iOS devices, in the BlackBerry Dynamics profile, select Enable UEM Client to enroll in BlackBerry Dynamics and designate the UEM Client for App authentication delegation.
Step 2  To use an app-based PKI solution with iOS devices, connect BlackBerry UEM to your organization's app-based PKI solution.
Step 3  To use an app-based PKI solution with iOS devices, if the PKI app is not a BlackBerry Dynamics app, configure the BlackBerry UEM Client to support app-based certificates.
Step 4
Step 5  Ensure that the PKI app (for example, Purebred) is installed on users' devices.
Step 6  Use the app-based PKI solution with the following devices: