XenMobile

Credentials device policy

You can create credentials device policies in XenMobile to enable integrated authentication with your PKI configuration in XenMobile, such as a PKI entity, a keystore, a credential provider, or a server certificate. For more information about credentials, see Certificates and authentication.

You can create credential policies for iOS, macOS, Android, Android Enterprise, Windows desktop/tablet, Windows Mobile/CE, and Windows Phone devices. Each platform requires a different set of values, which are described in this article.

Note:

Before you can create this policy, you need the credential information you plan to use for each platform, plus any certificates and passwords.

To add or configure this policy, go to Configure > Device Policies. For more information, see Device policies.

iOS settings

Image of Device Policies configuration screen

Configure the following settings:

  • Credential type: In the list, click the type of credential to use with this policy and then enter the following information for the selected credential:
    • Certificate
      • Credential name: Enter a unique name for the credential.
      • The credential file path: Select the credential file by clicking Browse and navigating to the file’s location.
    • Keystore
      • Credential name: Enter a unique name for the credential.
      • The credential file path: Select the credential file by clicking Browse and navigating to the file’s location.
      • Password: Enter the keystore password for the credential.
    • Server certificate
      • Server certificate: In the list, click the certificate to use.
    • Credential provider
      • Credential provider: In the list, click the name of the credential provider.
  • Policy settings
    • Remove policy: Choose a method for scheduling policy removal. Available options are Select date and Duration until removal (in hours)
      • Select date: Click the calendar to select the specific date for removal.
      • Duration until removal (in hours): Type a number, in hours, until policy removal occurs. Only available for iOS 6.0 and later.

macOS settings

Image of Device Policies configuration screen

Configure the following settings:

  • Credential type: In the list, click the type of credential to use with this policy and then enter the following information for the selected credential:
    • Certificate
      • Credential name: Enter a unique name for the credential.
      • The credential file path: Select the credential file by clicking Browse and navigating to the file’s location.
    • Keystore
      • Credential name: Enter a unique name for the credential.
      • The credential file path: Select the credential file by clicking Browse and navigating to the file’s location.
      • Password: Enter the keystore password for the credential.
    • Server certificate
      • Server certificate: In the list, click the certificate to use.
    • Credential provider
      • Credential provider: In the list, click the name of the credential provider.
  • Policy settings
    • Remove policy: Choose a method for scheduling policy removal. Available options are Select date and Duration until removal (in hours)
      • Select date: Click the calendar to select the specific date for removal.
      • Duration until removal (in hours): Type a number, in hours, until policy removal occurs.
    • Allow user to remove policy: You can select when users can remove the policy from their device. Select Always, Passcode required, or Never from the menu. If you select Passcode required, type a passcode in the Removal passcode field.
    • Profile scope: Select whether this policy applies to a User or an entire System. The default is User. This option is available only on macOS 10.7 and later.

Android settings

Credentials policy configuration screen

Configure the following settings:

  • Credential type: In the list, click the type of credential to use with this policy and then, enter the following information for the selected credential:
    • Certificate
      • Credential name: Type a unique name for the credential.
      • The credential file path: Select the credential file by clicking Browse and then navigating to the file’s location.
    • Keystore
      • Credential name: Type a unique name for the credential.
      • The credential file path: Select the credential file by clicking Browse and then navigating to the file location.
      • Password: Type the keystore password for the credential.
    • Server certificate
      • Server certificate: In the list, click the certificate to use.
    • Credential provider
      • Credential provider: In the list, click the name of the credential provider.

Android Enterprise settings

Credentials policy configuration screen

Configure the credential settings:

  • Credential type. In the list, click the type of credential to use with this policy and then enter the following information for the selected credential:
    • Certificate
      • The credential file path. Select the credential file by clicking Browse and then navigating to the file location.
    • Keystore
      • The credential file path: Select the credential file by clicking Browse and then navigating to the file location.
      • Password: Type the keystore password for the credential.
    • Server certificate
      • Server certificate. In the list, click the certificate to use.
    • Credential provider
      • Credential provider. In the list, click the name of the credential provider.

Windows Desktop/Tablet settings

Image of Device Policies configuration screen

  • Certificate Type: In the list, click either ROOT or CLIENT.
  • If you click ROOT, configure these settings:
    • Store device: In the list, click root, My, or CA for the location of the certificate store for the credential. My stores the certificate in users’ certificate stores.
    • Location: For Windows 10 tablets, System is the only location.
    • Credential type: For Windows 10 tablets, Certificate is the only credential type.
    • Credential file path: Select the certificate file by clicking Browse and navigating to the file’s location.
  • If you click CLIENT, configure these settings:
  • Location: For Windows 10 tablets, System is the only location.
  • Credential type: For Windows 10 tablets, Keystore is the only credential type.
  • Credential name: Type the name of the credential. This field is required.
  • Credential file path: Select the certificate file by clicking Browse and navigating to the file’s location.
  • Password: Type the password associated with the credential. This field is required.

Windows Mobile/CE settings

Image of Device Policies configuration screen

  • Store device: In the list, click the location of the certificate store for the credential. The default is root. Options are:
    • Privileged execution trust authorities: Applications signed with a certificate belonging to this store will run with privileged trust level.
    • Unprivileged execution trust authorities: Applications signed with a certificate belonging to this store will run with normal trust level.
    • SPC (Software Publisher Certificate): The Software Publishing Certificate (SPC) is used for signing .cab files.
    • root: A certificate store that contains root certificates.
    • CA: A certificate store that contains cryptographic information, including intermediary certification authorities.
    • MY: A certificate store that contains end-user personal certificates.
  • Credential type: Certificate is the only credential type for Windows Mobile/CE devices.
  • The credential file path: Select the credential file by clicking Browse and then navigating to the file’s location.

Windows Phone settings

Image of Device Policies configuration screen

  • Certificate Type: In the list, click either ROOT or CLIENT.
  • If you click ROOT, configure these settings:
    • Store device: In the list, click root, My, or CA for the location of the certificate store for the credential. My stores the certificate in users’ certificate stores.
    • Location: System is the only location for Windows phones.
    • Credential type: Certificate is the only credential type for Windows phones.
    • Credential file path: Select the certificate file by clicking Browse and navigating to the file’s location.
  • If you click CLIENT, configure these settings:
    • Location: For Windows phones, System is the only location.
    • Credential type: For Windows phones, Keystore is the only credential type.
    • Credential name: Type the name of the credential. This field is required.
    • Credential file path: Select the certificate file by clicking Browse and navigating to the file’s location.
    • Password: Type the password associated with the credential. This field is required.