Add and publish the Workspace ONE PIV-D Manager to devices as a public app. The app receives the derived credential certificates from the console so that the device can use them.

For details on how to use Workspace ONE PIV-D Manager to sign PDFs with derived credentials, see Sign PDFs with Workspace ONE PIV-D Manager for iOS.

Procedure

  1. Navigate to Apps & Books > Applications > Native > Public and select Add Application.

    The Managed By text box displays the organization group where the app is uploaded.

  2. Select the desired platform.
  3. Select Search App Store from the Source field to find the application.
  4. Enter VMware PIV-D Manager as the keyword in the Name text box to find the application in the app store.
  5. Select the application from the app store result page.

    The Add Application window displays but you do not need to add further information unless you want to.

  6. Select Save & Assign to move to the deployment section.

    You assign the app to devices and add optional app config parameters in the deployment section.

  7. Select the Assignment tab and Add Assignement.
  8. Enter a group that includes the devices that use your derived credential solution for Select Assignment Groups.
  9. (Optional) Under the Application Configuration tab, enable Application Configuration and enter the listed Configuration Key and Value pairs. Use the Add button to insert additional lines.

    App config values parameters some manual configurations for the user on the device but they are not required for Workspace ONE PIV-D Manager to work.

    Table 1. Common App Config Key-Value Pairs

    Configuration Key

    Value Type

    Configuration Value

    Description

    PIVDProvider

    Integer

    1 = Entrust

    2 = Intercede

    3 = Purebred

    4 = XTec

    5 = Workspace ONE UEM

    This numeric value corresponds to a given provider. Workspace ONE UEM sends the value to the app to pre-configure the provider for the assigned end users.

    PIVDInstructions

    String

    The instructional text for the end user.

    A brief single string instruction for the end user to prepare them for using the app to activate/provision/import derived credentials from the provider.

    PIVDConfig

    Array

    0 = Off

    1 = On

    Workspace ONE PIV-D Manager prompts the end user for an app token from the Self Service Portal before letting them proceed with fetching an SDK profile and certificate. This feature only works when the PIVDProviderconfiguration key value is 5 (Workspace ONE UEM).

    PIVDPromptForPIN

    Boolean

    true = on

    false r= off

    Workspace ONE PIV-D Manager prompts the end user for the PIN even if you enable SSO.

    CertificateExpiryWarningPeriod

    Integer

    Enable = Any numerical value greater than 0

    Disable = 0

    If nothing is manually set, the default value is 30 days.

    CertificateExpiryWarning

    String

    Your custom warning message for when a certificate is about to expire.

    If nothing is manually set, then our default warning message is displayed.

    Table 2. iOS App Config Key-Value Pairs

    Key

    Value Type

    Description

    EnableEntrustBluetoothLogin

    Boolean

    true = on

    false = off

    When you enable this value, the PIN policy defined in the Entrust system is honored instead of what is defined here.

    EnableManualCertificateImport

    Boolean

    true = on

    false = off

    Enables integrations with XTec to import additional certificates from web browser downloads using the download portal website for customers.

    EnablePDF Signing

    Boolean

    true = on

    false = off

    Enable apps like Mail, Workspace ONE Boxer, or Adobe Acrobat Reader, to sign a PDF document using the derived credential in Workspace ONE PIV-D Manager.

    PinLengthMinimum

    Integer

    The minimum character length for the pin protecting the certificate store.

    For iOS devices, the minimum required PIN length is 6 characters.

    PinUppercaseMinimum

    Integer

    The minimum number of uppercase characters for the pin protecting the certificate store.

    PinLowercaseMinimum

    Integer

    The minimum number of lowercase characters for the pin protecting the certificate store.

    PinSpecialCharMinimum

    Integer

    The minimum number of special characters for the pin protecting the certificate store.

    Supported characters: ~!@#$%^&*_-+=`|\(){}[]:;"'<>,.?/

    PinNumbersMinimum

    Integer

    The minimum number of number characters for the pin protecting the certificate store.

    PinDisallowDuplicate

    Boolean

    Setting this to True checks for duplicate characters next to each other in the pin protecting the certificate store.

    PinDisallowSequential

    Boolean

    Setting this to True checks for a sequence of characters going up or down in value (123, 321, abc) in the pin protecting the certificate store.

  10. Select Add to assign the app to the devices in the assignment group and then save and publish Workspace ONE PIV-D Manager as a managed application.