Set up Entrust IdentityGuard derived credentials for your end users' devices managed by Workspace ONE UEM.

Entrust IdentityGuard is a commercially off the shelf (COTS) Derived Credentials solution that transforms your mobile device in a virtual smart card for derived credential authentication. You can learn more about it by going to


  1. Start the enrollment process by logging in to the Entrust IdentityGuard Self-Service Portal from your laptop/desktop computer with your existing smart card.
  2. Once logged in, select “ I’d like to enroll for a derived mobile smart credential”.
  3. Select “I’ve successfully downloaded and installed the Entrust IdentityGuard Mobile Smart Credential application” and click Next.
  4. Enter a name under Identity Name, then select VMware PIV-D under the Derived Mobile Smart Credential App field.
  5. Click OK A QR Code and a one-time password displays.
  6. Launch the VMware PIV-D Application on your iOS Device and tap Scan QR code and then enter the one-time password.


Once the process is complete, you are taken to the Certificate list view.