VMware Workspace ONE PIV-D Manager now works with YubiKey. The PIV-D Manager mobile app can sign PDF documents on a mobile device with credentials from a YubiKey accessory aligning with a remote-first global organizational strategy.
YubiKey accessories are part of the changing world of high-security mobile data protection allowing secure remote access. They meet the needs of the most demanding customers, including U.S. federal agencies. Those are the same customers that PIV-D Manager was designed to serve.
Workspace ONE PIV-D Manager is a mobile app for handling derived PIV credentials, improving employee experience without compromising on security. PIV-D Manager’s role in the Workspace ONE platform includes the following:
- Proprietary credential issuance, from partners such as Purebred, Entrust, Intercede, XTec and Microsoft ADCS.
- Making issued credentials available to other mobile apps on the same device.
- Direct credential utilization, for example, to sign PDF files for the end-user.
The security accessories of interest to PIV-D customers are hardware products that:
- Can process cryptographic operations with stored keys without exposing their key material, and;
- Can interface with a smartphone or tablet device, via USB or NFC for example.
The data protection provided by an accessory is independent of the device to which it is connected. A security accessory can have its own certifications, such as FIPS 140-2.
Selected YubiKey products have been certified and approved for use by customers of PIV-D Manager. For this reason, YubiKey is a good choice of accessory for PIV-D Manager integration.
This is the first integration between PIV-D Manager and a security accessory. For simplicity of implementation, the team chose a feature that works in PIV-D Manager alone.
PDF document signing is a popular feature and runs standalone in the PIV-D Manager app. Other use cases are possible, but for now, we want to put this initial useful feature in the hands of the customer, to gather feedback.
For the end user, the PDF signing user interface of PIV-D Manager now supports YubiKey. Connect your YubiKey to your mobile device, or tap the NFC reader, to complete digital signatures on the go.
For the enterprise administrator, PIV-D Manager can now sign PDF documents with credentials protected by YubiKey security. If end users are already issued with signing certificates on a YubiKey, this already works. If not, you just need to add suitable certificates from your current credential provider to the YubiKey load.
For full instructions, see our PIV-D Manager YubiKey Registration guide.