Deploy Workspace ONE Cards with security configurations on your users' mobile devices using the Workspace ONE UEM console.
You must use Workspace ONE UEM console version 9.3 or later. For more information about requirements, see Requirements for Workspace ONE Cards.
Add Workspace ONE Cards to Workspace ONE UEM
- In the Workspace ONE UEM console, navigate to Apps & Books > Applications > Native > List View > Public.
- Select Add Application, and enter the required information.
  | Option | Description |
  | --- | --- |
  | Managed By | Select the organization group. |
  | Platform | Select an appropriate platform. |
  | Name | Enter Workspace ONE Cards. |
  | Search App Store (iOS only) | Select to make the application available in the App Store. |
  | Enter URL | Enter the URL of the application. |
  | Import from Play (Android only) | Select to make the application available in the Play Store. To search the Google Play Store in an on-premises deployment, you must integrate a Google Account with the Workspace ONE UEM MDM environment. |
- Select the Workspace ONE Cards application.
- If you plan to use a custom SDK profile, select the profile on the SDK tab.
- Select Save and Assign.
- On the updated assignment page, select Add Assignment, and enter the name of the assignment group in the Select Assignment Groups text box.
- Select Add.
- Click Save and Publish.
Users must install Workspace ONE Cards on a mobile device that is registered or enrolled using Workspace ONE Intelligent Hub. To synchronize with the Exchange content, users must enter their Exchange credentials after they start Workspace ONE Cards.
Configure Workspace ONE Cards with Derived Credentials (PIV-D)
Create and configure an SDK profile with the derived credentials and assign the profile to Workspace ONE Cards. The SDK profile helps Cards to fetch the derived credential certificates from Workspace ONE PIV-D Manager. These certificates are used by devices to access resources securely.
A derived credential is a client certificate that is generated or issued on a mobile device after users prove their identity using their existing smart card (CAC or PIV) during the enrollment process.
When you set the Credential Source to Derived Credential on the Credential payload, Cards imports the authentication, signing, and encryption certificates from the PIV-D application. The PIV-D certificate is then used to authenticate users against the Exchange Server through certificate-based authentication (CBA) and dual authentication in Cards. For more information on the PIV-D application, see the Workspace ONE PIV-D Manager Admin Guide.
- Configure the SDK profile.
  - In the Workspace ONE UEM console, navigate to .
  - Select SDK Profile.
  - Select a platform.
  - Configure the profile's General Settings.
  - Select the Credentials payload and select Configure.
  - Set the Credential Source to Derived Credentials.
  - Select the Key Usage based on how the certificate is used. Select Authentication, Signing, or Encryption. To add additional certificates, use the plus sign at the bottom of the profile screen.
  - Select Save and Publish.
- Assign the SDK Profile to Cards.
  - Navigate to and add Workspace ONE Cards. If the Cards application has already been added, you can skip the preceding step.
  - Select Edit.
  - On the SDK tab, set the SDK profile to the one configured with the derived credential source and key usage.
  - Select Save and Assign.