Add and publish the Workspace ONE PIV-D Manager for Android app to devices as a public app. The app receives the derived credential certificates from the console so that the device can use them.

Procedure

  1. Navigate to Resources > Apps > Native > Public and select Add Application.

    The Managed By text box displays the organization group where the app is uploaded.

  2. Select Android for the Platform.
  3. To find the application, select Search App Store from the Source text box.
  4. To find the application in the app store, enter VMware PIV-D Manager in the Name text box.
  5. Select the application from the app store result page.

    The Add Application window displays. Adding information is optional.

  6. To move to the deployment section, select Save & Assign.

    You assign the app to devices and add optional app config parameters in the deployment section.

  7. Select the Assignment tab and Add Assignment.
  8. Enter a group that includes the devices that use your derived credential solution for Select Assignment Groups.
  9. Optional: Enable Application Configuration and enter the listed Configuration Key and the Value pairs. To insert lines, use the Add button.

    App config parameters perform some manual configurations for the user on the device, but they are not required for Workspace ONE PIV-D Manager to work.

    Table 1. Common App Config Key-Value Pairs

    | Configuration Key | Value Type | Configuration Value | Description |
    | --- | --- | --- | --- |
    | CertificateExpiryWarning | String | Your custom warning message for when a certificate is about to expire. | If nothing is manually set, then our default warning message is displayed. |
    | CertificateExpiryWarningPeriod | Integer | Enable = Any numerical value greater than 0; Disable = 0 | The default value is 30 days when nothing is manually set. |
    | ConnectorAppName | String | Select an application name that can be used by a back end connector to Workspace ONE UEM. To select a lookup value from the list or enter fixed text such as "VMware PIV-D", click +. | This configuration key is only supported by the Intercede provider. |
    | ConnectorDeviceIdentifier | String | Select a device identifier that can be used by a back end connector to Workspace ONE UEM. To select a lookup value, such as {DeviceUid}, from the list, click +. | This configuration key is only supported by Entrust and Intercede providers. |
    | EnableEntrustBluetoothLogin | Boolean | True = On; False = Off | When you enable this value, the PIN policy defined in the Entrust system is honored instead of what is defined here. |
    | EnableKeyChainInstallation | Boolean | True = On; False = Off | Enables PIV-D Manager to install credentials directly to the Android Keystore through the Android KeyChain interface on unmanaged devices. |
    | EnableManualCertificateImport | Boolean | True = On; False = Off | Enables integrations with XTec to import certificates from web browser downloads using the download portal website for customers. |
    | EnablePDFSigning | Boolean | True = On; False = Off | Enables apps like Workspace ONE Boxer or Adobe Acrobat Reader to sign a PDF document using the derived credential in Workspace ONE PIV-D Manager. |
    | PIVDConfig | Array | 0 = Off; 1 = On | Workspace ONE PIV-D Manager prompts the end user for an app token from Self Service Portal before letting them proceed with fetching an SDK profile and certificate. This feature only works when the PIVDProvider configuration key value is 5 (Workspace ONE UEM). |
    | PIVDInstructions | String | The instructional text for the end user. | A brief single string instruction for the end user to prepare them for using the app to activate/provision/import derived credentials from the provider. |
    | PIVDPromptForPIN | Boolean | True = On; False = Off | Workspace ONE PIV-D Manager prompts the end user for the PIN even if you enable SSO. |
    | PIVDProvider | Integer | 1 = Entrust; 2 = Intercede; 3 = Purebred; 4 = XTec; 5 = Workspace ONE UEM; 6 = YubiKey; 7 = AuthentX ID by XTec | This numeric value corresponds to a given provider. Workspace ONE UEM sends the value to the app to pre-configure the provider for the assigned end users. |

    Table 2. Android App Config Key-Value Pair

    | Key | Value Type | Description |
    | --- | --- | --- |
    | PinDisallowDuplicate | Boolean | Setting to True checks for duplicate characters next to each other in the PIN protecting the certificate store. |
    | PinDisallowSequential | Boolean | Setting to True checks for a sequence of characters going up or down in value (123, 321, abc) in the PIN protecting the certificate store. |
    | PinLengthMinimum | Integer | The minimum character length for the PIN protecting the certificate store. For iOS devices, the minimum required PIN length is six characters. |
    | PinLowercaseMinimum | Integer | The minimum number of lowercase characters for the PIN protecting the certificate store. |
    | PinNumbersMinimum | Integer | The minimum number of number characters for the PIN protecting the certificate store. |
    | PinSpecialCharMinimum | Integer | The minimum number of special characters for the PIN protecting the certificate store. |
    | PinUppercaseMinimum | Integer | The minimum number of uppercase characters for the PIN protecting the certificate store. |

    Supported characters for PinSpecialCharMinimum: ~!@#$%^&*_-+=`|\(){}[]:;"'<>,.?/
  10. Select Add to assign the app to the devices in the assignment group and then save and publish Workspace ONE PIV-D Manager as a managed application.
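
A pre-flight check for the key-value pairs entered in step 9, as an added example that is not VMware's code: it checks key spelling, value types and the provider restrictions stated in Tables 1 and 2. The function name `lint_app_config`, the finding strings and the sample config are this example's own assumptions.

```python
# Added example: key names, types and provider restrictions transcribed from Tables 1 and 2.
SCHEMA = {
    "CertificateExpiryWarning": str, "CertificateExpiryWarningPeriod": int,
    "ConnectorAppName": str, "ConnectorDeviceIdentifier": str,
    "EnableEntrustBluetoothLogin": bool, "EnableKeyChainInstallation": bool,
    "EnableManualCertificateImport": bool, "EnablePDFSigning": bool,
    "PIVDConfig": None,  # listed as Array with values 0/1; value not type-checked here
    "PIVDInstructions": str, "PIVDPromptForPIN": bool, "PIVDProvider": int,
    "PinDisallowDuplicate": bool, "PinDisallowSequential": bool,
    "PinLengthMinimum": int, "PinLowercaseMinimum": int, "PinNumbersMinimum": int,
    "PinSpecialCharMinimum": int, "PinUppercaseMinimum": int,
}
TYPE_NAMES = {str: "String", int: "Integer", bool: "Boolean"}
PROVIDERS = {1: "Entrust", 2: "Intercede", 3: "Purebred", 4: "XTec",
             5: "Workspace ONE UEM", 6: "YubiKey", 7: "AuthentX ID by XTec"}
# Keys the tables tie to particular PIVDProvider values.
PROVIDER_ONLY = {"ConnectorAppName": {2}, "ConnectorDeviceIdentifier": {1, 2}, "PIVDConfig": {5}}

def lint_app_config(cfg):
    """Return findings for a dict of Configuration Key -> Value pairs (hypothetical helper)."""
    findings = []
    provider = cfg["PIVDProvider"] if type(cfg.get("PIVDProvider")) is int else None
    for key, value in cfg.items():
        if key not in SCHEMA:
            findings.append(f"{key}: not listed in Table 1 or Table 2")
            continue
        want = SCHEMA[key]
        # type() rather than isinstance(): bool is a subclass of int in Python
        if want is not None and type(value) is not want:
            findings.append(f"{key}: expected {TYPE_NAMES[want]}")
        allowed = PROVIDER_ONLY.get(key)
        if allowed and provider is not None and provider not in allowed:
            names = " or ".join(PROVIDERS[p] for p in sorted(allowed))
            findings.append(f"{key}: only supported with {names}")
    if "PIVDProvider" in cfg and provider not in PROVIDERS:
        findings.append("PIVDProvider: must be an integer from 1 to 7")
    if cfg.get("CertificateExpiryWarningPeriod") == 0:
        findings.append("CertificateExpiryWarningPeriod: 0 disables the expiry warning")
    return findings

# Constructed sample: an Entrust deployment with three mistakes.
SAMPLE = {
    "PIVDProvider": 1,
    "ConnectorDeviceIdentifier": "{DeviceUid}",  # supported by Entrust
    "ConnectorAppName": "VMware PIV-D",          # Intercede only
    "PinLengthMinimum": "8",                     # String where an Integer is required
    "PinDisalowSequential": True,                # misspelled key
}
```

Calling `lint_app_config(SAMPLE)` returns one finding each for the Intercede-only key, the mistyped PIN length and the misspelled key.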