You configure the Mobile SSO for iOS authentication method from the Auth Methods page in the administration console. You associate the Mobile SSO authentication method in the built-in identity provider.

When the VMware Identity Managerservice is initially deployedVMware Identity Manager, your existing Active Directory infrastructure is used for user authentication and management. For iOS device, you integrate the service with Kerberos. Kerberos authentication provides users, who are successfully signed in to their domain, access to their application portal without additional credential prompts.

VMware Identity Manager uses an identity provider that is built in to the identity manager service to provide access to Mobile SSO authentication. This authentication method for iOS devices uses a Key Distribution Center (KDC) without the use of a connector or a third-party system.

In the VMware Identity Manager service, Kerberos can be integrated in one of two ways.

  • KDC as a VMware Identity Manager cloud hosted service. Using KDC in the cloud requires selecting the appropriate realm name in the iOS authentication adapter page.


    The KDC service hosted in the cloud is the only option when VMware Identity Manager is deployed with AirWatch in a Windows environment.

  • Built-in KDC on the service. The built-in KDC requires initializing KDC on the service and creating public DNS entries to allow the Kerberos clients to find the KDC.

To use the Mobile SSO for iOS authentication method, you must configure both AirWatch and the VMware Identity Manager service.