Control the use of the keychain PIN when users log in to apps with derived credentials by configuring Single Sign-On (SSO). Then, deploy the SSO configuration to Workspace ONE PIV-D Manager for iOS.

Note: You deploy this SDK profile at the app level. It is different from the Credentials profile that you use to set devices to use derived credentials in the console.

SSO Configurations Control PIN Use

If you do not use the default SDK profile at all, users must set a PIN with a six character minimum length.

If you deploy Workspace ONE PIV-D Manager with Single Sign-On > Enabled, the Workspace ONE PIV-D Manager app does not prompt users for their PINs when using derived credentials.

If you set the default SDK profile as Single Sign-On > Disabled, the Workspace ONE PIV-D Manager app prompts users for their PINs when using derived credentials.

Force PIN Use with Custom Settings

If you configured your default SDK profile as Single Sign-On > Enabled, you can still require PIN use. Enable Custom Settings in the default SDK profile and enter PIVDPromptForPIN with the value True.
{
“PIVDPromptForPIN”:true
}

Configure Complexity with KVPs

Use several available KVPs to configure the complexity of the PIN. For a list of availble KVPs and how to configure them, access Send Derived Credentials from the Console to iOS Devices.

How to Deploy SSO

Configure the default SDK profile with the PIN behavior you want and then assign the default SDK profile to Workspace ONE PIV-D Manager.

  1. Configure SSO in the default SDK profile.
    1. In the Workspace ONE UEM console, go to the applicable organization group where your Workspace ONE PIV-D Manager app resides.
    2. Go to Groups & Settings > All Settings > Apps > Settings and Policies > Security Policies > Single Sign-On.
    3. Select Enabled or Disabled depending on the desired experience and save the default SDK profile.
    4. Optionally, go to Groups & Settings > All Settings > Apps > Settings and Policies > Settings > Custom Settings to enable it and to enter PIVDPromptForPIN with the value True to force PIN use.
  2. Assign the SDK profile to Workspace ONE PIV-D Manager.
    1. Go to Apps & Books > Applications > Native > Public and edit the Workspace ONE PIV-D Manager app.
    2. Select SDK and select iOS Default Settings @ Global for SDK Profile.
    3. Save your changes.