I discussed with my friend Henry (@hereshenry) about the fact that on XenMobile configured with CBA (Certificate Based Authentication) we saw on the PKI that multiple certificates was issued for same users.
If you have this issue, you will need to change default parameters.
In fact when you create Credential Policy for CBA, by default, on Assignment, under Deployment Schedule, you have the following settings:
You will need to change Deployment condition from On every connection to Only when previous deployment has failed:
It should solve the issue of creating multiple certificates for users.
Note: Those information are provided based on my own experience.