Workspace ONE Content app users are granted access to on-prem SharePoint repositories after they are authenticated using the PIV-D Derived Credentials. Certificate-based authentication eliminates the need for a user name and password.
On-prem repositories such as SharePoint can be configured to use the PIV-D Derived Credentials for authentication. Configuring the SharePoint repository to use the PIV-D Derived Credential requires Kerberos configuration in the VMware Content Gateway settings.
A Kerberos Constrained Delegation (KCD) server must be set up with the proper SPNs (Service Principal Names).
Active Directory must be synced with Workspace ONE UEM, with the User Principal Name (UPN) as an attribute.
A service account must be available to both Workspace ONE UEM and VMware Content Gateway to use as part of the Kerberos authentication workflow.
Content Gateway must be provided with a trusted certificate from the Certificate Authority (CA) that issues the user certificates. These certificates might be only the intermediate certificates or the entire certificate chain, depending on the validation requirements of the CA.
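One way to check in advance whether an intermediate-only bundle or the entire chain is needed to validate a user certificate, as an added example that is not VMware's code or procedure. It uses OpenSSL as a stand-in validator on a constructed three-tier PKI; every file name and subject is hypothetical.

```bash
#!/usr/bin/env bash
# Added example: constructed demo PKI (root CA -> issuing CA -> user certificate).
# OpenSSL is an assumed stand-in validator; all names and files are hypothetical.
set -eu

build_demo_pki() {   # $1 = empty working directory
  cat > "$1/demo.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[user]
basicConstraints = CA:FALSE
extendedKeyUsage = clientAuth
EOF
  for n in root issuing user; do
    openssl req -new -newkey rsa:2048 -nodes -config "$1/demo.cnf" \
      -subj "/CN=Demo $n" -keyout "$1/$n.key" -out "$1/$n.csr"
  done
  openssl x509 -req -days 2 -extfile "$1/demo.cnf" -extensions ca \
    -in "$1/root.csr" -signkey "$1/root.key" -out "$1/root.pem"
  openssl x509 -req -days 2 -extfile "$1/demo.cnf" -extensions ca -in "$1/issuing.csr" \
    -CA "$1/root.pem" -CAkey "$1/root.key" -CAcreateserial -out "$1/issuing.pem"
  openssl x509 -req -days 2 -extfile "$1/demo.cnf" -extensions user -in "$1/user.csr" \
    -CA "$1/issuing.pem" -CAkey "$1/issuing.key" -CAcreateserial -out "$1/user.pem"
}

verifies() {         # $1 = trust bundle, $2 = certificate, rest = extra verify flags
  b=$1; c=$2; shift 2
  if openssl verify -CAfile "$b" "$@" "$c" >/dev/null 2>&1; then echo ok; else echo fail; fi
}

check_bundles() {    # prints one result line per candidate trust bundle
  d=$(mktemp -d); build_demo_pki "$d" >/dev/null 2>&1
  cat "$d/issuing.pem" "$d/root.pem" > "$d/full-chain.pem"
  echo "issuing-only=$(verifies "$d/issuing.pem" "$d/user.pem")"
  echo "issuing-only+partial_chain=$(verifies "$d/issuing.pem" "$d/user.pem" -partial_chain)"
  echo "root-only=$(verifies "$d/root.pem" "$d/user.pem")"
  echo "full-chain=$(verifies "$d/full-chain.pem" "$d/user.pem")"
  rm -rf "$d"
}

check_bundles
```

A validator that requires the chain to end at a self-signed root rejects the issuing-only bundle, while one that accepts the issuing CA as a trust anchor (OpenSSL's `-partial_chain`) passes it.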