Configuring the VMware PIV-D Manager involves adding the VMware PIV-D Manager as a public application, determining how end-users receive it, and configuring PIV-D settings for each vendor.

Procedure

  1. Navigate to Apps & Books > Applications > Native > Public and select Add Application.

    The Managed By field displays the organization group where the app is uploaded.

  2. Select the desired Platform.
  3. Select Search App Store from the Sourcefield to find the application.
  4. Enter "VMware PIV-D Manager" as the keyword in the Name text box to find the application in the app store.
  5. Select Next and use Select to pick the application from the app store result page.

    The Edit Application window displays.

  6. (Optional) Select the Assignment tab and scroll to the section labeled Application Configuration.
  7. Enable Send Application Configuration and configure the following Configuration Keys and Values. Use the Add button to insert additional lines.

    Configuration Key

    Value Type

    Configuration Value

    Description

    PIVDProvider

    Integer

    1 = Entrust

    2 = Intercede

    3 = Purebred

    4 = XTec

    5 = Workspace ONE UEM

    This numeric value corresponds to a given provider. Workspace ONE UEM sends the value to the app to pre-configure the provider for the assigned end users.

    PIVDInstructions

    String

    The instructional text for the end user.

    A brief single string instruction for the end user to prepare them for using the app to Activate/Provision/Import Derived Credentials from the provider.

    PIVDConfig

    0 = Off

    1 = On (Default)

    PIV-D Manager prompts the end user for an App Token from AW SSP before letting them proceed with fetching an SDK Profile and certificate. This only works when the PIVDProvide configuration key value is 5 (Workspace ONE UEM).

    EnableEntrustBluetoothLogin

    Boolean

    true = on

    false = off

    Table 1. iOS App Config key-value pairs

    Key

    Value Type

    Description

    PinLengthMinimum

    Integer

    The minimum character length for the pin protecting the Certificate Store.

    PinUppercaseMinimum

    Integer

    The minimum number of uppercase characters for the pin protecting the Certificate Store.

    PinLowercaseMinimum

    Integer

    The minimum number of lowercase characters for the pin protecting the Certificate Store.

    PinSpecialCharMinimum

    Integer

    The minimum number of special characters for the pin protecting the Certificate Store.

    Supported characters: ~!@#$%^&*_-+=`|\(){}[]:;"'<>,.?/

    PinNumbersMinimum

    Integer

    The minimum number of number characters for the pin protecting the Certificate Store.

    PinDisallowDuplicate

    Boolean

    Setting this to "True" checks for duplicate characters next to each other in the pin protecting the Certificate Store.

    PinDisallowSequential

    Boolean

    Setting this to "True" checks for a sequence of characters going up or down in value (123, 321, abc) in the pin protecting the Certificate Store.

    Note:

    If Entrust Bluetooth Login is enabled, the pin policy defined in the Entrust system will be honored instead of what's defined here.

  8. Deploy VMware PIV-D Manager as a managed application.