The VMware Workspace ONE PIV-D Manager frees you from carrying a smart card reader to access your PIV or CAC credentials. VMware Workspace ONE PIV-D Manager integrates with various derived credential providers or a YubiKey accessory. Learn more about the supported configurations for Workspace ONE PIV-D Manager when using third-party providers and the differences between Android, iOS, iPadOS, and Samsung Knox.

PIV-D Feature Matrix

The PIV-D Feature Matrix shows the availability of certificate-based authentication (CBA) and S/MIME based on the credential source and the mobile device type. The credential source is one of the following:
  • Issuance - Credentials are issued to the PIV-D Manager app and then stored securely on the device. The following are supported issuance sources:
    • DISA Purebred
    • Entrust
    • Intercede
    • Xtec
    • Workspace ONE UEM
    • AuthentX ID by Xtec
  • Accessory - Credentials are stored on an accessory connected through NFC or by being plugged in. The following is the only supported accessory:
    • YubiKey by Yubico

Feature/Device Availability

In some instances, there are dependencies for feature availability on certain devices. The following shows when a feature is available on a device.
  • CTK - Availability depends on the Apple Persistent Device Token extension, also known as CryptoTokenKit (CTK) provider.
  • DI - Availability depends on the direct installation of certificates to the Android device key store by the PIV-D Manager app.
  • MDM - Availability depends on the mobile device management (MDM) capability of the operating system.
  • CTK/MDM - Availability depends on either CTK provider or MDM.
  • * - Availabilty on a device.

Credential Source: Issuance

Feature Registered iOS or iPadOS Registered Android Managed iOS or iPadOS Managed Android Managed Knox
Workspace ONE Boxer email CBA * * * * *
Workspace ONE Boxer email S/MIME * * * * *
Microsoft Outlook CBA CTK* DI* CTK/MDM* MDM* MDM*
Microsoft Outlook S/MIME CTK* DI* CTK/MDM* MDM* MDM*
Native mail client CBA CTK* DI* CTK/MDM* MDM* MDM*
Native mail client S/MIME CTK* DI* CTK/MDM* MDM* MDM*
Workspace ONE Web website CBA * * * * *
Native browser website CBA CTK* DI* CTK/MDM* MDM* MDM*
Wi-Fi connection CBA CTK* DI* CTK/MDM* MDM* MDM*
Third party VPN CBA CTK* DI* CTK/MDM* MDM* MDM*
Digitally sign PDFs * * * * *

Credential Source: Accessory

Feature Registered iOS or iPadOS Registered Android Managed iOS or iPadOS Managed Android Managed Knox
Workspace ONE Boxer email CBA CTK* CTK*
Workspace ONE Boxer email S/MIME CTK* CTK*
Microsoft Outlook CBA CTK* CTK*
Microsoft Outlook S/MIME CTK* CTK*
Native mail client CBA CTK* CTK*
Native mail client S/MIME CTK* CTK*
Workspace ONE Web website CBA CTK* CTK*
Native browser website CBA CTK* CTK*
Wi-Fi connection CBA CTK* CTK*
Third party VPN CBA CTK* CTK*
Digitally sign PDFs * * * * *