Set up DISA Purebred derived credentials for your end users' devices managed by Workspace ONE UEM.

If you did not pre-select a derived credentials provider from the Workspace ONE UEM console, your end users must select the provider and follow the configuration steps for the selected provider. Purebred is a derived credentials solution developed by the Department of Defense (DoD) Public Key Enablement (PKE) office.

For more information on KeyShare Reference for iOS, PK-Enabling Mobile Devices with DoD PKI Credentials, Privacy Policy for the Purebred Registration Application for Apple iOS, and Purebred Agent FAQs, see the public site DoD Cyber Exchange Public. If you have a Common Access Card (CAC), see


  1. Complete the derived credentials enrollment through the Purebred Self Service Portal (SSP).
  2. Tap the VMware PIV-D Manager from the device and tap DISA Purebred.
  3. Tap Add certificate > Purebred Key Chain.
  4. Select your Authentication Certificate and tap Import Key. Repeat to import the Signing and Encryption Certificates.
  5. Once you import the Authentication Certificate, the Signing Certificate, and the Encryption Certificate, view the certificates from the Certificate list view.