Credentials device policy

You can create credentials device policies in XenMobile to enable integrated authentication with your PKI configuration in XenMobile, such as a PKI entity, a keystore, a credential provider, or a server certificate. For more information about credentials, see Certificates and authentication.

You can create credential policies for iOS, macOS, Android, Android for Work, Windows desktop/tablet, Windows Mobile/CE, and Windows Phone devices. Each platform requires a different set of values, which are described in this article.

Note:

Before you can create this policy, you need the credential information you plan to use for each platform, plus any certificates and passwords.

To add or configure this policy, go to Configure > Device Policies. For more information, see Device policies.

iOS settings

Image of Device Policies configuration screen

Configure the following settings:

  • Credential type: In the list, click the type of credential to use with this policy and then enter the following information for the selected credential:
    • Certificate
      • Credential name: Enter a unique name for the credential.
      • The credential file path: Select the credential file by clicking Browse and navigating to the file’s location.
    • Keystore
      • Credential name: Enter a unique name for the credential.
      • The credential file path: Select the credential file by clicking Browse and navigating to the file’s location.
      • Password: Enter the keystore password for the credential.
    • Server certificate
      • Server certificate: In the list, click the certificate to use.
    • Credential provider
      • Credential provider: In the list, click the name of the credential provider.

macOS settings

Image of Device Policies configuration screen

Configure the following settings:

  • Credential type: In the list, click the type of credential to use with this policy and the, enter the following information for the selected credential:
    • Certificate
      • Credential name: Enter a unique name for the credential.
      • The credential file path: Select the credential file by clicking Browse and navigating to the file’s location.
    • Keystore
      • Credential name: Enter a unique name for the credential.
      • The credential file path: Select the credential file by clicking Browse and navigating to the file’s location.
      • Password: Enter the keystore password for the credential.
    • Server certificate
      • Server certificate: In the list, click the certificate to use.
    • Credential provider
      • Credential provider: In the list, click the name of the credential provider.

Android and Android for Work settings

Image of Device Policies configuration screen

Configure the following settings:

  • Credential type: In the list, click the type of credential to use with this policy and then, enter the following information for the selected credential:
    • Certificate
      • Credential name: Type a unique name for the credential.
      • The credential file path: Select the credential file by clicking Browse and then navigating to the file’s location.
    • Keystore
      • Credential name: Type a unique name for the credential.
      • The credential file path: Select the credential file by clicking Browse and then navigating to the file location.
      • Password: Type the keystore password for the credential.
    • Server certificate
      • Server certificate: In the list, click the certificate to use.
    • Credential provider
      • Credential provider: In the list, click the name of the credential provider.

Windows Desktop/Tablet settings

Image of Device Policies configuration screen

  • Certificate Type: In the list, click either ROOT or CLIENT.
  • If you click ROOT, configure these settings:
    • Store device: In the list, click root, My, or CA for the location of the certificate store for the credential. My stores the certificate in users’ certificate stores.
    • Location: For Windows 10 tablets, System is the only location.
    • Credential type: For Windows 10 tablets, Certificate is the only credential type.
    • Credential file path: Select the certificate file by clicking Browse and navigating to the file’s location.
  • If you click CLIENT, configure these settings:
  • Location: For Windows 10 tablets, System is the only location.
  • Credential type: For Windows 10 tablets, Keystore is the only credential type.
  • Credential name: Type the name of the credential. This field is required.
  • Credential file path: Select the certificate file by clicking Browse and navigating to the file’s location.
  • Password: Type the password associated with the credential. This field is required.

Windows Mobile/CE settings

Image of Device Policies configuration screen

  • Store device: In the list, click the location of the certificate store for the credential. The default is root. Options are:
    • Privileged execution trust authorities: Applications signed with a certificate belonging to this store will run with privileged trust level.
    • Unprivileged execution trust authorities: Applications signed with a certificate belonging to this store will run with normal trust level.
    • SPC (Software Publisher Certificate): The Software Publishing Certificate (SPC) is used for signing .cab files.
    • root: A certificate store that contains root, or self-signed, certificates.
    • CA: A certificate store that contains cryptographic information, including intermediary certification authorities.
    • MY: A certificate store that contains end-user personal certificates.
  • Credential type: Certificate is the only credential type for Windows Mobile/CE devices.
  • The credential file path: Select the credential file by clicking Browse and then navigating to the file’s location.

Windows Phone settings

Image of Device Policies configuration screen

  • Certificate Type: In the list, click either ROOT or CLIENT.
  • If you click ROOT, configure these settings:
    • Store device: In the list, click root, My, or CA for the location of the certificate store for the credential. My stores the certificate in users’ certificate stores.
    • Location: System is the only location for Windows phones.
    • Credential type: Certificate is the only credential type for Windows phones.
    • Credential file path: Select the certificate file by clicking Browse and navigating to the file’s location.
  • If you click CLIENT, configure these settings:
    • Location: For Windows phones, System is the only location.
    • Credential type: For Windows phones, Keystore is the only credential type.
    • Credential name: Type the name of the credential. This field is required.
    • Credential file path: Select the certificate file by clicking Browse and navigating to the file’s location.
    • Password: Type the password associated with the credential. This field is required.