Entrust users can login with Bluetooth to use the Workspace ONE PIV-D Manager app as a virtual smartcard. The app logs in to Windows or Mac desktops and websites that might normally require a physical smartcard for authentication.


Users can use the Bluetooth login configuration when they meet following requirements.

  • Users have installed the Bluetooth drivers from Entrust on Windows and Mac machines so the devices can pair. Find the drivers at https://trustedcare.entrustdatacard.com.
  • The Workspace ONE PIV-D Manager app is enrolled using Entrust as the derived credential provider.
  • The admin has set the EnableEntrustBluetoothLogin configuration key with a value type of Boolean to true in the Workspace ONE UEM console when the Workspace ONE PIV-D Manager is assigned.
  • If a user is already using PIV-D with Entrust-activated derived credentials, iOS requires the user to reactivate their credentials before they can use Bluetooth login. If the user does not reactivate their credentials, the bluetooth settings do not appear in the app UI.
  • Users can reissue a derived credential in Workspace ONE PIV-D Manager by navigating toSettings > Account Re-Issue > Derived Credential.


  1. Enable Bluetooth login on your mobile device.
    1. Under Device Settings, enable Bluetooth.
    2. Start the Workspace ONE PIV-D Manager app and tap the settings gear icon.
    3. Enable Bluetooth Login.
  2. Pair Workspace ONE PIV-D Manager with a desktop.
    1. Press the Bluetooth login menu item that displays on the Workspace ONE PIV-D Manager app home page. This action Press begins scanning for nearby devices to pair with or connect to.
    2. Select the desktop to connect to.
    3. If applicable, enter the PIV-D pin and request selection of the certificate to use for authentication.
      This pin is the one created at the time of derived credential enrollment in PIV-D.
  3. Log in to a desktop computer or website using Workspace ONE PIV-D Manager.
    Additionally, if the user browses to a website that expects smart card authentication on the desktop, the user can authenticate to the website with the same PIV-D connection.
    If the connection and pin entry are successful, the user is logged in to the desktop.
  4. Enable a device to auto-connect by selecting the autoconnect option next to the device name.
    Attempting to auto-connect to another device deactivates the existing auto-connect session.
    After auto-connect is enabled, the Workspace ONE PIV-D Manager app automatically connects to desktops when the device enters Bluetooth range.