In as SaaS world there might be some certificates you may not want to store / be able to unencrypt the Private Key in a SaaS-Service. As Client Authentication Certs can today can use SCEP there are use cases where this does not work like S/MIME. Therefore there is for Omnissa Workspace ONE UEM the