To set up single sign-on authentication to AirWatch managed iOS 9 mobile devices, you can set up a trust relationship between Active Directory and AirWatch and enable the Mobile SSO for iOS authentication method in VMware Identity Manager.

About this task

After you configured the certificate authority and certificate template for Kerberos certificate distribution in the Active Directory Certificate Services, you enable AirWatch to request the certificate used for authentication and add the certificate authority to the AirWatch admin console.


  1. In the AirWatch admin console main menu, navigate to Devices > Certificates > Certificate Authorities.
  2. Click Add.
  3. Configure the following in the Certificate Authority page.

    Make sure that Microsoft AD CS is selected as the Authority Type before you start to complete this form.




    Enter a name for the new Certificate Authority.

    Authority Type

    Make sure that Microsoft ADCS is selected.


    Select ADCS as the protocol.

    Server Hostname

    Enter the URL of the server. Enter the hostname in this format https://{}/certsrv.adcs/. The site can be http or https depending on how the site is set up. The URL must include the trailing /.


    If the connection fails when you test the URL, remove the http:// or https:// from the address and test the connection again.

    Authority Name

    Enter the name of the certificate authority that the ADCS end point is connected to. This name can be found by launching the Certification Authority application on the certificate authority server.


    Make sure that Service Account is selected.

    Username and Password

    Enter the user name and password of the AD CS admin account with sufficient access to allow AirWatch to request and issue certificates.

  4. Click Save.

What to do next

Configure the Certificate Template in AirWatch.