What’s New with Workspace ONE and PIV-D Derived Credentials

Dec 19, 2019
Lucas Chen


Lucas Chen is a Product Line Manager at VMware responsible for the Workspace ONE SDK and PIV-D products. Lucas joined VMware after graduating from the Georgia Institute of Technology with a degree in computer engineering. Prior to product management, Lucas worked as a software developer as well as a sales engineer. His areas of focus are mobile security and development platforms.


Greetings and happy holidays. It’s been an incredible year thus far here at VMware for derived credentials and we’ve been keeping busy coming up with new innovations for the smartcard audience. The end of the year is almost here, but we’re not finished just yet and have some exciting new features for you to start 2020 off with a bang. We’ll also provide a quick recap of everything we’ve released these last few months in case you missed it.

You can now use PIV-D to digitally sign a PDF file with a derived credential

A common approval workflow in high security and regulated environments is to digitally sign a PDF file using the credential from a CAC, PIV, or smartcard. Historically, this process required users to open a laptop, plug in a reader and smartcard, and then sign the file, which can be cumbersome depending on where you’re situated at the time. That’s all about to change. With the release of Workspace ONE PIV-D Manager v1.5, we’re introducing the world’s first commercial product to support mobile PDF signing with a derived credential.

Our PDF signing feature is built in a way that will be compatible with the majority of apps out on the store to ensure our customers can easily integrate into apps tailored for their use cases. PIV-D can sign PDF files from any app with native support for rendering, exporting, and importing PDF files. This includes, but is not limited to, Workspace ONE Boxer, Workspace ONE Content, Native Mail, and Adobe Reader just to throw out a few common examples. Check out the demo videos below to see this in action:

Android Enterprise and Derived Credentials

Google has made a lot of progress in their Android Enterprise management platform over the last few years. Many Workspace ONE customers in the private sector have already begun their transition away from legacy Android enrollment to the new Google Recommended Android Enterprise framework. We’re now starting to see guidelines around Android Enterprise being incorporated into STIGs, and various public sector agencies are also beginning their transition to Android Enterprise.

We’re pleased to introduce additional support for PIV-D on Android Enterprise enrolled devices. This includes management capabilities such as configuring WiFi, certificate keystores, and VPN in an Android Enterprise setting. Additionally, users can also make use of Workspace ONE Boxer and Workspace ONE Web with PIV-D for email and browsing use cases which involve a derived credential. The new features mentioned will be available starting in Intelligent Hub 19.10 and Workspace ONE UEM 1912.

In case you missed it…

Bluetooth Login with PIV-D

Earlier in the year, we released our new Bluetooth login capability to enable users to log into Windows and Mac machines using a virtual smartcard through the PIV-D mobile app. Make sure to check out the demo video of it here if you haven’t already seen it:

Workspace ONE Boxer and Web

In addition to supporting the native mail clients, PIV-D also has support for Workspace ONE Boxer, a highly secure mobile email client which also offers a delightful user experience. Boxer can leverage the derived credentials from PIV-D to authenticate to, sign, and encrypt email. Furthermore, Boxer is the world’s first and only mobile email client (at the time of writing) to achieve NIAP Common Criteria certification and makes use of FIPS 140-2 validated encryption.

Similar to the Boxer scenario, if your organization has additional security requirements not covered by native browsers like Safari or Chrome, there is the Workspace ONE Web mobile application. Workspace ONE Web can also make use of derived credentials in the PIV-D application to seamlessly log in to websites which require certificate authentication.


Take Advantage of Workspace ONE PIV-D Manager Today

Workspace ONE PIV-D Manager is available in Workspace ONE Advanced and above alongside our other Workspace ONE secure productivity apps. Want to try all this out for yourself? Check out the App Store links below to get started. To learn more about the PIV-D capabilities, read our datasheet or check out the webpage. To learn more about the Workspace ONE platform, visit workspaceone.com.

Stay tuned for more exciting announcements to come!

Workspace ONE PIV-D Manager on iOS

Workspace ONE PIV-D Manager on Android
