SSO Configurations Control PIN Use

If you do not use the default SDK profile at all, users must set a PIN with a six character minimum length.

If you deploy Workspace ONE PIV-D Manager with Single Sign-On > Enabled, the Workspace ONE PIV-D Manager app does not prompt users for their PINs when using derived credentials.

If you set the default SDK profile as Single Sign-On > Disabled, the Workspace ONE PIV-D Manager app prompts users for their PINs when using derived credentials.

Force PIN Use in Application Configuration

If you configured your default SDK profile as Single Sign-On > Enabled, you can still require PIN use. In Application Configuration, select True as the Configuration Value for PIVDPromptForPIN.

Configure Complexity with KVPs

To configure the complexity of the PIN, use several available KVPs. For a list of available KVPs and how to configure them, access Send Derived Credentials from the Console to iOS Devices.

How to Deploy SSO

Configure the default SDK profile with the PIN behavior you want and then assign the default SDK profile to Workspace ONE PIV-D Manager.

1. Configure SSO in the default SDK profile.
   1. In the Workspace ONE UEM console, go to the applicable organization group where your Workspace ONE PIV-D Manager app resides.
   2. Go to Groups & Settings > All Settings > Apps > Settings and Policies > Security Policies > Single Sign-On.
   3. Select Enabled or Disabled depending on the desired experience and save the default SDK profile.
   4. Optional: To force PIN use, in Application Configuration for PIV-D Manager, select True as the Configuration Value for PIVDPromptForPIN.
2. Assign the SDK profile to Workspace ONE PIV-D Manager.
   1. Go to Resources > Apps > Native > Public and edit the Workspace ONE PIV-D Manager app.
   2. Select SDK and select iOS Default Settings @ Global for SDK Profile.
   3. Save your changes.