Product Documentation

凭据设备策略

Jan 12, 2017

可以在 XenMobile 中创建凭据设备策略,以使用 XenMobile 中的 PKI 配置启用集成身份验证,例如 PKI 实体、密钥库、凭据提供程序或服务器证书。 有关凭据的详细信息,请参阅证书。 

可以为 iOS、Mac OS X、Android、Android for Work、Windows Desktop/Tablet、Windows Mobile/CE 和 Windows Phone 设备创建凭据策略。 每种平台需要一组不同的值,本文将对此进行介绍。

iOS 设置

Mac OS X 设置

Android 和 Android for Work 设置

Windows Desktop/Tablet 设置

Windows Mobile/CE 设置

Windows Phone 设置

创建此策略前,需要具有计划用于各平台的凭据信息,以及任何证书和密码。

1. 在 XenMobile 控制台中,单击配置 > 设备策略。 此时将显示设备策略页面。

2. 单击添加。 此时将显示添加新策略对话框。

3. 展开更多,然后在安全性下面,单击凭据。 此时将显示凭据策略信息页面。

localized image

4. 在策略信息窗格中,键入以下信息:

  • 策略名称:键入策略的描述性名称。
  • 说明:键入策略的可选说明。

5. 单击下一步。 此时将显示策略平台页面。

6. 在平台下面,选择要添加的平台。 如果只为一个平台配置,请取消选中其他平台。

完成对平台设置的配置后,请参阅步骤 7 以了解如何设置此平台的部署规则。 

配置 iOS 设置

localized image

Configure the following settings:

  • Credential type: In the list, click the type of credential to use with this policy and then enter the following information for the selected credential:
    • Certificate
      • Credential name: Enter a unique name for the credential.
      • The credential file path: Select the credential file by clicking Browse and navigating to the file's location.
    • Keystore
      • Credential name: Enter a unique name for the credential.
      • The credential file path: Select the credential file by clicking Browse and navigating to the file's location.
      • Password: Enter the keystore password for the credential.
    • Server certificate
      • Server certificate: In the list, click the certificate to use.
    • Credential provider
      • Credential provider: In the list, click the name of the credential provider.
  • Policy Settings
    • Next to Remove policy, click either Select date or Duration until removal (in days).
    • If you click Select date, click the calendar to select the specific date for removal.
    • In the Allow user to remove policy list, click Always, Password required, or Never.
    • If you click Password required, next to Removal password, type the necessary password.

配置 Mac OS X 设置

localized image

Configure the following settings:

  • Credential type: In the list, click the type of credential to use with this policy and the, enter the following information for the selected credential:
    • Certificate
      • Credential name: Enter a unique name for the credential.
      • The credential file path: Select the credential file by clicking Browse and navigating to the file's location.
    • Keystore
      • Credential name: Enter a unique name for the credential.
      • The credential file path: Select the credential file by clicking Browse and navigating to the file's location.
      • Password: Enter the keystore password for the credential.
    • Server certificate
      • Server certificate: In the list, click the certificate to use.
    • Credential provider
      • Credential provider: In the list, click the name of the credential provider.
  • Policy Settings
    • Next to Remove policy, click either Select date or Duration until removal (in days).
    • If you click Select date, click the calendar to select the specific date for removal.
    • In the Allow user to remove policy list, click Always, Password required, or Never.
    • If you click Password required, next to Removal password, type the necessary password.
    • Next to Policy scope, click either User or System. The default is User. This option is available only on OS X 10.7 and later.

配置 Android 和 Android for Work 设置

localized image

Configure the following settings:

  • Credential type: In the list, click the type of credential to use with this policy and then, enter the following information for the selected credential:
    • Certificate
      • Credential name: Type a unique name for the credential.
      • The credential file path: Select the credential file by clicking Browse and then navigating to the file's location.
    • Keystore
      • Credential name: Type a unique name for the credential.
      • The credential file path: Select the credential file by clicking Browse and then navigating to the file location.
      • Password: Type the keystore password for the credential.
    • Server certificate
      • Server certificate: In the list, click the certificate to use.
    • Credential provider
      • Credential provider: In the list, click the name of the credential provider.

配置 Windows Desktop/Tablet 设置

localized image

Configure the following settings:

  • OSVersion: In the list, click either 8.1 for Windows 8.1 or 10 for Windows 10. The default is 10.
Windows 10 settings
Windows 8.1 settings

配置 Windows Mobile/CE 设置

localized image

配置以下设置:

  • 存储设备:在列表中,单击凭据的证书存储位置。 默认为根存储。 选项包括:
    • 特许执行信任颁发机构 - 使用属于此存储的证书签名的应用程序将在特许信任级别下运行。
    • 非特许执行信任颁发机构 - 使用属于此存储的证书签名的应用程序将在一般信任级别下运行。
    • SPC(软件发行程序证书) - 软件发行程序证书 (SPC) 用于签名 .cab 文件。
    • - 包含根证书或自签名证书的证书存储。
    • CA - 包含加密信息(包括中间证书颁发机构)的证书存储。
    • 我的 - 包含最终用户个人证书的证书存储。
  • 凭据类型:证书是适用于 Windows Mobile/CE 设备的唯一凭据类型。
  • 凭据文件路径:单击浏览,然后导航到凭据文件的位置,以选择此凭据文件。

配置 Windows Phone 设置

localized image

Configure the following settings:

  • Certificate Type: In the list, click either ROOT or CLIENT.
  • If you click ROOT, configure these settings:
    • Store device: In the list, click root, My, or CA for the location of the certificate store for the credential. My stores the certificate in users' certificate stores.
    • Location: System is the only location for Windows phones.
    • Credential type: Certificate is the only credential type for Windows phones.
    • Credential file path: Select the certificate file by clicking Browse and navigating to the file's location.
  • If you click CLIENT, configure these settings:
    • Location: System is the only location for Windows phones.
    • Credential type: Keystore is the only credential type for Windows phones.
    • Credential name: Type the name of the credential. This field is required.
    • Credential file path: Select the certificate file by clicking Browse and navigating to the file's location.
    • Password: Type the password associated with the credential. This field is required.
7. 配置部署规则

8. 单击下一步。 此时将显示凭据策略分配页面。

localized image

9. 在选择交付组旁边,键入以查找交付组,或在列表中选择一个或多个要向其分配策略的交付组。 选择的组显示在右侧用于接收应用程序分配的交付组列表中。

10. 展开部署计划,然后配置以下设置:

  • 部署旁边,单击以计划部署,或单击以阻止部署。 默认选项为。 如果选择,无需配置其他选项。
  • 部署计划旁边,单击立即稍后。 默认选项为立即
  • 如果单击稍后,请单击日历图标,然后选择部署的日期和时间。
  • 部署条件旁边,单击每次连接时或单击仅当之前的部署失败时。 默认选项为每次连接时
  • 为始终启用的连接部署旁边,单击。 默认选项为

注意: 

  • 已在设置 > 服务器属性中配置了计划后台部署密钥的情况下此选项适用。 始终启用选项不适用于 iOS 设备。
  • 配置的部署计划对所有平台相同。 您所做的更改适用于所有平台,为始终启用的连接部署除外,它不适用于 iOS。

11. 单击保存