Initialize the Key Distribution Center in the Appliance

Before you can use the Mobile SSO for iOS authentication method, you must initialize the Key Distribution Center (KDC) in the Workspace ONE Access appliance.

To initialize KDC, you assign your Workspace ONE Access hostname to the Kerberos realms. The realm name is entered in upper-case letters. If you configure subdomains, type the subdomain name in lower-case letters.

Prerequisites

Workspace ONE Access is installed and configured.

Realm name identified. See Using the Built-in KDC for Workspace ONE Access.

Procedure

SSH into the Workspace ONE Access appliance as the root user.
Initialize the KDC. Enter /etc/init.d/vmware-kdc init --realm {REALM.COM} --subdomain {sva-name.subdomain}.
For example, /etc/init.d/vmware-kdc init --realm MY-IDM.EXAMPLE.COM --subdomain my-idm.example.com

If you are using a load balancer with multiple Workspace ONE Access appliances, use the name of the load balancer in both cases.
Restart the Workspace ONE Access service. Enter service horizon-workspace restart.
Start the KDC service. Enter service vmware-kdc restart.

What to do next

Create public DNS entries. DNS records must be provisioned to allow the clients to find the KDC. See Creating Public DNS Entries for KDC with Built-in Kerberos.