Entrust certificates

The Email+ Android Enterprise app for Ivanti Neurons for MDM uses Entrust Authorization, Signing, and Encryption certificates that were generated in the PIV-D app and stored in keystore and use them to perform the functions:

    • Authorization Certificate: This certificate is used to login to the Email+ app.
    • Signing /Encryption Certificate: This certificate is used for SMIME functionality.

This is applicable for Android Enterprise Device Registration mode such as Profile Owner, Device Owner, and EPO modes with Microsoft Office 365 using Modern auth.

To configure entrust certificates new value entrust_certificates is added to Optional features restriction for Android Enterprise.

Enabling Ivanti Email+ to use certificates from keystore

The Go client allows Email+to use the certificates from the keystore only when the Manage Certificates option is enabled.

  1. In the Ivanti Neurons for MDM portal, go to Apps >App Catalog.
  2. Select Email+ (Android) from Business Apps.
  3. In App Configurations for Email+, select Delegated Device Permissions > Manage Certificates option to enable entrust certificates for Email+ Android Enterprise.