For iOS device authentication, VMware Identity Manager uses an identity provider that is built in to the identity manager service to provide access to Mobile SSO authentication. This authentication method uses a Key Distribution Center (KDC) without the use of a connector or a third-party system. You must initiate the KDC service in the VMware Identity Manager built-in identity provider before you enable Kerberos in the admin console.

Implementing Mobile SSO authentication for AirWatch-managed iOS 9 devices requires the following configuration steps.

Note:

Mobile SSO authentication is supported on iOS devices running iOS 9 and later.

  • Initialize the Key Distribution Center (KDC) in the VMware Identity Manager appliance. See the Preparing to Use Kerberos Authentication on iOS Devices chapter in the Installation Guide.

  • If you are using Active Directory Certificate Services, configure a certificate authority template for Kerberos certificate distribution in the Active Directory Certificate Services. Then configure AirWatch to use Active Directory Certificate Authority. Add the Certificate template in the AirWatch admin console. Download the issuer certificate to configure Mobile SSO for iOS.

  • If you are using AirWatch Certificate Authority, enable Certificates in the VMware Identity Manager Integrations page. Download the issuer certificate to configure Mobile SSO for iOS.

  • Configure the built-in identity provider and enable and configure Mobile SSO for iOS authentication in the VMware Identity Manager administration console.

  • Configure the iOS device profile and enable single sign-in from the AirWatch admin console.