Credentials device policy

凭证设备政策指向PKI configured in XenMobile. For example, your PKI configuration might include a PKI entity, a keystore, a credential provider, or a server certificate. For more information about credentials, seeCertificates and authentication.

Each supported platform requires a different set of values, which are described in this article.

Note:

Before you can create this policy, you need the credential information you plan to use for each platform, plus any certificates and passwords.

To add or configure this policy, go to进行gure > Device Policies. For more information, seeDevice policies.

iOS settings

进行gure the following settings:

• Credential type:In the list, click the type of credential to use with this policy and then enter the following information for the selected credential:
  • Certificate
    • Credential name:Enter a unique name for the credential.
    • The credential file path:Select the credential file by clicking Browse and navigating to the file’s location.
  • Keystore
    • Credential name:Enter a unique name for the credential.
    • The credential file path:Select the credential file by clicking Browse and navigating to the file’s location.
    • Password:Enter the keystore password for the credential.
  • Server certificate
    • Server certificate:In the list, click the certificate to use.
  • Credential provider
    • Credential provider:In the list, click the name of the credential provider.
• Policy settings
  • Remove policy:Choose a method for scheduling policy removal. Available options areSelect dateandDuration until removal (in hours)
    • Select date:Click the calendar to select the specific date for removal.
    • Duration until removal (in hours):Type a number, in hours, until policy removal occurs. Only available for iOS 6.0 and later.

macOS settings

进行gure the following settings:

• Credential type:In the list, click the type of credential to use with this policy and then enter the following information for the selected credential:
  • Certificate
    • Credential name:Enter a unique name for the credential.
    • The credential file path:Select the credential file by clickingBrowseand navigating to the file’s location.
  • Keystore
    • Credential name:Enter a unique name for the credential.
    • The credential file path:Select the credential file by clickingBrowseand navigating to the file’s location.
    • Password:Enter the keystore password for the credential.
  • Server certificate
    • Server certificate:In the list, click the certificate to use.
  • Credential provider
    • Credential provider:In the list, click the name of the credential provider.
• Policy settings
  • Remove policy:Choose a method for scheduling policy removal. Available options areSelect dateandDuration until removal (in hours)
    • Select date:Click the calendar to select the specific date for removal.
    • Duration until removal (in hours):Type a number, in hours, until policy removal occurs.
  • Allow user to remove policy:You can select when users can remove the policy from their device. SelectAlways,Passcode required, orNeverfrom the menu. If you selectPasscode required, type a passcode in theRemoval passcodefield.
  • Profile scope:Select whether this policy applies to aUseror an entireSystem. The default isUser. This option is available only on macOS 10.7 and later.

Android settings

进行gure the following settings:

• Credential type:In the list, click the type of credential to use with this policy and then, enter the following information for the selected credential:
  • Certificate
    • Credential name:Type a unique name for the credential.
    • The credential file path:Select the credential file by clicking Browse and then navigating to the file’s location.
  • Keystore
    • Credential name:Type a unique name for the credential.
    • The credential file path:Select the credential file by clickingBrowseand then navigating to the file location.
    • Password:Type the keystore password for the credential.
  • Server certificate
    • Server certificate:In the list, click the certificate to use.
  • Credential provider
    • Credential provider:In the list, click the name of the credential provider.

Android Enterprise settings

进行gure these settings to determine how XenMobile applies credentials settings:

• Remove credentials:Set toOnto configure the following settings. Default isOff.
  • Remove user credentials:Removes certificates from the managed keystore. Default isOff.
  • Remove trusted root certificates:Uninstalls all non-system CA certificates. Default isOff.
• Apply to fully managed devices with a work profile/Work profile on corporate-owned devices:Allows you to configure credentials policy settings for fully managed devices with work profiles. When this setting isOn, credentials settings you configure apply to the work profile only. When this setting isOff, the credentials settings you configure apply only to the device. Default isOff.

进行gure the credential settings:

• Credential type:In the list, click the type of credential to use with this policy and then enter the following information for the selected credential:
  • Certificate
    • The credential file path:Select the credential file by clickingBrowseand then navigating to the file location.
  • Keystore
    • The credential file path:Select the credential file by clickingBrowseand then navigating to the file location.
    • Certificate Alias:A certificate alias makes it easier for apps to access the certificate. Configure a certificate alias in the Managed Configuration device policy. Then, type the alias in theCertificate Aliasfield in the Credentials device policy. Apps retrieve the certificate and authenticate the VPN without any action by users.
    • Password:Type the keystore password for the credential.
  • Server certificate
    • Server certificate:In the list, click the certificate to use.
  • Credential provider
    • Certificate Alias:A certificate alias makes it easier for apps to access the certificate. Configure a certificate alias in the Managed Configuration device policy. Then, type the alias in theCertificate Aliasfield in the Credentials device policy. Apps retrieve the certificate and authenticate the VPN without any action by users.
    • Credential provider:In the list, click the name of the credential provider.
    • Apps to use certificates:To specify apps that have silent access to the credentials from this provider: ClickAdd, select an app, and clickSave.

Windows Desktop/Tablet settings

• Certificate Type:In the list, click eitherROOTorCLIENT.
• If you clickROOT, configure these settings:
  • Store device:In the list, clickroot,My, orCAfor the location of the certificate store for the credential.Mystores the certificate in users’ certificate stores.
  • Location:For Windows 10 and Windows 11 tablets,Systemis the only location.
  • Credential type:For Windows 10 and Windows 11 tablets,Certificateis the only credential type.
  • Credential file path:Select the certificate file by clickingBrowseand navigating to the file’s location.
• If you clickCLIENT, configure these settings:
• Location:For Windows 10 and Windows 11 tablets,Systemis the only location.
• Credential type:For Windows 10 and Windows 11 tablets,Keystoreis the only credential type.
• Credential name:Type the name of the credential. This field is required.
• Credential file path:Select the certificate file by clickingBrowseand navigating to the file’s location.
• Password:Type the password associated with the credential. This field is required.