Set up DISA Purebred derived credentials for your end users' devices managed by Workspace ONE UEM.

If you did not pre-select a derived credentials provider from the Workspace ONE UEM console, your end users must select the provider and follow the configuration steps for the selected provider. Purebred is a derived credentials solution developed by the Department of Defense (DoD) Public Key Enablement (PKE) office. You can learn more about Purebred by going to DoD Cyber Exchange Public.


  1. Complete the derived credentials enrollment through the Purebred Self Service Portal (SSP).
  2. Tap the VMware PIV-D Manager from the device and tap DISA Purebred.
  3. Tap Add certificate > Purebred Key Chain.
  4. Select your Authentication Certificate and tap Import Key. Repeat to import the Signing and Encryption Certificates.
  5. Once you import the Authentication Certificate, the Signing Certificate, and the Encryption Certificate, view the certificates from the Certificate list view.