When you initially deploy the VMware Identity Manager service, your existing Active Directory infrastructure is used for user authentication and management. You integrate the service with other authentication solutions such as Kerberos, Certificate, and RSA SecurID from the administration console. For Mobile SSO authentication on AirWatch managed iOS devices, you manually initialize the Key Distribution Center (KDC) in the appliance before you enable the authentication method from the administration console.
Kerberos authentication provides users, who are successfully signed in to their domain, access to their apps portal without additional credential prompts. To support iOS devices using Kerberos, VMware Identity Manager provides the built-in Kerberos authentication method, Mobile SSO for iOS, to access the KDC within the built-in identity provider without the use of a connector or a third-party system.
After you initialize the KDC and restart the service, create public DNS entries to allow the Kerberos clients to find the KDC.
To use the Mobile SSO for iOS authentication method, you must configure both AirWatch and the VMware Identity Manager service. See the VMware Identity Manager Administration Guide, Implementing Built-in Kerberos Authentication for AirWatch-Managed iOS Devices.