6 MDMs and derived credentials

You can use MyID derived credentials in conjunction with MDM systems such as Microsoft Intune and VMware Workspace ONE.

See section 2.3, Supported Mobile Device Management integration for details of which systems are supported, and section 3.11, Setting up your MDM system for details of configuring the external systems for each type of MDM.

The objective is to use the trust placed in an already-issued certificate to derive additional credentials onto a mobile device managed by your MDM, so that, depending on policy, certificates can be used for:

Certificate issuance from MyID can be triggered by any process that displays a QR code to start a mobile provisioning process, for example the Self Service Request Portal, the PIV Derived Credential Kiosk, or the Request My ID workflow in MyID Desktop.

The MDM providers have built the Intercede mobile SDK components into their apps to manage the provisioning process for certificates.

During the derived credential request process, MyID shows a QR code on screen. This is scanned by the mobile device, which then triggers issuance of certificates from MyID to the mobile device. The MDM then takes control of these certificates to enable the certificate usage defined by the MDM configuration.