When you use Active Directory to set up single sign-on authentication for iOS mobile devices managed by Workspace ONE UEM, you set up a trust relationship between Active Directory and Workspace ONE UEM. After that, you enable the Mobile SSO for iOS authentication method in Workspace ONE Access.

After you have configured the certificate authority and certificate template for Kerberos certificate distribution in Active Directory Certificate Services, you enable Workspace ONE UEM to request the certificate used for authentication and add the certificate authority to the Workspace ONE UEM console.


  1. In the Workspace ONE UEM console main menu, navigate to Devices > Certificates > Certificate Authorities.
  2. Click Add.
  3. Configure the following on the Certificate Authority page.
    Note: Make sure that Microsoft AD CS is selected as the Authority Type before you start to complete this form.

    | Option | Description |
    |---|---|
    | Name | Enter a name for the new Certificate Authority. |
    | Authority Type | Make sure that Microsoft ADCS is selected. |
    | Protocol | Select ADCS as the protocol. |
    | Server Hostname | Enter the URL of the server. Enter the host name in this format https://{servername.com}/certsrv.adcs/. The site can be http or https depending on how the site is set up. The URL must include the trailing /. Note: If the connection fails when you test the URL, remove the http:// or https:// from the address and test the connection again. |
    | Authority Name | Enter the name of the certificate authority that the ADCS endpoint is connected to. This name can be found by launching the Certification Authority application on the certificate authority server. |
    | Authentication | Make sure that Service Account is selected. |
    | Username and Password | Enter the user name and password of the AD CS admin account with sufficient access to allow Workspace ONE UEM to request and issue certificates. |
  4. Click Save.

What to do next

Configure the Certificate Template in Workspace ONE UEM.