VMware Identity Manager Cloud tenants do not need to manage or configure the KDC.
For the VMware Identity Manager service on premises, two KDC service options are available. One option is to use the built-in KDC that you initialize in the VMware Identity Manager appliance before you enable the mobile SSO authentication method from the administration console. The second option is to use the VMware Identity Manager KDC cloud hosted service. For more information about the built-in KDC, see the Installing and Configuring VMware Identity Manager guide. To use the Cloud Hosted KDC Service, see Using the Cloud Hosted KDC Service.
When the identity manager is configured with AirWatch in a Windows environment, the iOS Mobile authentication method must be configured to use the VMware Identity Manager cloud hosted KDC service.
Implementing Mobile SSO authentication for AirWatch-managed iOS 9 or later devices requires the following configuration steps.
Download the issuer certificate to configure Mobile SSO for iOS
If you are using Active Directory Certificate Services, configure a certificate authority template for Kerberos certificate distribution in the Active Directory Certificate Services. Then configure AirWatch to use Active Directory Certificate Authority. Add the Certificate template in the AirWatch admin console. Download the issuer certificate to configure Mobile SSO for iOS.
If you are using AirWatch Certificate Authority, enable Certificates in the VMware Identity Manager Integrations page. Download the issuer certificate to configure Mobile SSO for iOS.
Configure the iOS device profile and enable single sign-in from the AirWatch admin console.
Configure the Mobile SSO (iOS) authentication method
Configure the built-in identity provider and associate the Mobile SSO for iOS authentication in the VMware Identity Manager administration console.