Control the use of the keychain PIN when users log in to apps with derived credentials by configuring Single Sign-On (SSO). Then, deploy the SSO configuration to Workspace ONE PIV-D Manager for iOS.
SSO Configurations Control PIN Use
If you do not use the default SDK profile at all, users must set a PIN with a six character minimum length.
If you deploy Workspace ONE PIV-D Manager with , the Workspace ONE PIV-D Manager app does not prompt users for their PINs when using derived credentials.
If you set the default SDK profile as Workspace ONE PIV-D Manager app prompts users for their PINs when using derived credentials., the
Force PIN Use in Application Configuration
If you configured your default SDK profile as PIVDPromptForPIN., you can still require PIN use. In Application Configuration, select True as the Configuration Value for
Configure Complexity with KVPs
To configure the complexity of the PIN, use several available KVPs. For a list of available KVPs and how to configure them, access Send Derived Credentials from the Console to iOS Devices.
How to Deploy SSO
Configure the default SDK profile with the PIN behavior you want and then assign the default SDK profile to Workspace ONE PIV-D Manager.
- Configure SSO in the default SDK profile.
- In the Workspace ONE UEM console, go to the applicable organization group where your Workspace ONE PIV-D Manager app resides.
- Go to .
- Select Enabled or Disabled depending on the desired experience and save the default SDK profile.
- Optional: To force PIN use, in Application Configuration for PIV-D Manager, select True as the Configuration Value for PIVDPromptForPIN.
- Assign the SDK profile to Workspace ONE PIV-D Manager.
- Go to Workspace ONE PIV-D Manager app. and edit the
- Select SDK and select iOS Default Settings @ Global for SDK Profile.
- Save your changes.