You can use the Workspace ONE UEM Certificate Authority instead of the Active Directory Certificate Authority to set up single sign-on with built-in Kerberos authentication to Workspace ONE UEM managed iOS 9 mobile devices. You can enable Workspace ONE UEM Certificate Authority in the Workspace ONE UEM console and export the CA issuer certificate for use in the VMware Identity Manager service.

The Workspace ONE UEM Certificate Authority is designed to follow Simple Certificate Enrollment Protocol (SCEP) and is used with Workspace ONE UEM managed devices that support SCEP. VMware Identity Manager integration with Workspace ONE UEM uses the Workspace ONE UEM Certificate Authority to issue certificates to iOS 9 mobile devices as part of the profile.

The Workspace ONE UEM Certificate Authority issuer root certificate is also the OCSP signing certificate.