The VMware Workspace ONE PIV-D Manager frees you from carrying a smart card reader to access your PIV or CAC credentials. VMware Workspace ONE PIV-D Manager integrates with various derived credential providers or a YubiKey accessory. Learn more about the supported configurations for Workspace ONE PIV-D Manager when using third-party providers and the differences between Android, iOS, iPadOS, and Samsung Knox.
PIV-D Feature Matrix
The PIV-D Feature Matrix shows the availability of certificate-based authentication (CBA) and S/MIME based on the credential source and the mobile device type. The credential source is one of the following:
- Issuance - Credentials are issued to the PIV-D Manager app and then stored securely on the device. The following are supported issuance sources:
- DISA Purebred
- Entrust
- Intercede
- Xtec
- Workspace ONE UEM
- AuthentX ID by Xtec
- Accessory - Credentials are stored on an accessory connected through NFC or by being plugged in. The following is the only supported accessory:
- YubiKey by Yubico
Feature/Device Availability
In some instances, there are dependencies for feature availability on certain devices. The following shows when a feature is available on a device.
- CTK - Availability depends on the Apple Persistent Device Token extension, also known as CryptoTokenKit (CTK) provider.
- DI - Availability depends on the direct installation of certificates to the Android device key store by the PIV-D Manager app.
- MDM - Availability depends on the mobile device management (MDM) capability of the operating system.
- CTK/MDM - Availability depends on either CTK provider or MDM.
- * - Availabilty on a device.
Credential Source: Issuance
| Feature | Registered iOS or iPadOS | Registered Android | Managed iOS or iPadOS | Managed Android | Managed Knox |
|---|---|---|---|---|---|
| Workspace ONE Boxer email CBA | * | * | * | * | * |
| Workspace ONE Boxer email S/MIME | * | * | * | * | * |
| Microsoft Outlook CBA | CTK* | DI* | CTK/MDM* | MDM* | MDM* |
| Microsoft Outlook S/MIME | CTK* | DI* | CTK/MDM* | MDM* | MDM* |
| Native mail client CBA | CTK* | DI* | CTK/MDM* | MDM* | MDM* |
| Native mail client S/MIME | CTK* | DI* | CTK/MDM* | MDM* | MDM* |
| Workspace ONE Web website CBA | * | * | * | * | * |
| Native browser website CBA | CTK* | DI* | CTK/MDM* | MDM* | MDM* |
| Wi-Fi connection CBA | CTK* | DI* | CTK/MDM* | MDM* | MDM* |
| Third party VPN CBA | CTK* | DI* | CTK/MDM* | MDM* | MDM* |
| Digitally sign PDFs | * | * | * | * | * |
Credential Source: Accessory
| Feature | Registered iOS or iPadOS | Registered Android | Managed iOS or iPadOS | Managed Android | Managed Knox |
|---|---|---|---|---|---|
| Workspace ONE Boxer email CBA | CTK* | CTK* | |||
| Workspace ONE Boxer email S/MIME | CTK* | CTK* | |||
| Microsoft Outlook CBA | CTK* | CTK* | |||
| Microsoft Outlook S/MIME | CTK* | CTK* | |||
| Native mail client CBA | CTK* | CTK* | |||
| Native mail client S/MIME | CTK* | CTK* | |||
| Workspace ONE Web website CBA | CTK* | CTK* | |||
| Native browser website CBA | CTK* | CTK* | |||
| Wi-Fi connection CBA | CTK* | CTK* | |||
| Third party VPN CBA | CTK* | CTK* | |||
| Digitally sign PDFs | * | * | * | * | * |
