Configuring the PIV-D Entrust app for Android

Applicable derived credential providers and device platforms

Derived credential providers	Entrust
Device platforms	Android

A device user uses the MobileIron PIV-D Entrust app to activate Entrust derived credentials on a device after registering a device to MobileIron Core. This capability requires you to configure a key-value pair for the PIV-D Entrust app in its AppConnect app configuration. The value is a Core variable that contains the activation URL. Entrust provides the activation URL to Core when the user requests a derived credential on the self-service user portal. The PIV-D Entrust app receives the value when the user launches the app on the device.

You can also configure a key-value pair containing a unique device identifier that the app sends to the Entrust IdentityGuard server. This identifier allows an administrator to determine which device contains a given derived credential, allowing control around auditing and revocation.

Note that Core automatically creates an AppConnect app configuration for the PIV-D Entrust app for Android when you upload the app to the App Catalog. This procedure assumes you use that AppConnect app configuration.

Procedure

On the Admin Portal, go to Policies & Configs > Configurations.

Select the AppConnect app configuration that Core automatically created for the PIV-D Entrust app for Android. It has the name PIV-D Entrust app, the configuration type is APPCONFIG, and the package name forgepond.com.mobileiron.android.pivd.

Click Edit.

In the App-specific Configurations section, add the case-sensitive key-value pairs:

Key	Value
Required key and value MI_CREDENTIAL_ACTIVATION_URL	$DEVICE_PIVD_ACTIVATION_LINK$
Optional key and value MI_CREDENTIAL_DEVICE_ID	A MobileIron Core substitution variable that uniquely identifies the device. Examples: $DEVICE_ID$ $DEVICE_UUID$ $DEVICE_IMSI$

Key

Value

Required key and value

MI_CREDENTIAL_ACTIVATION_URL

$DEVICE_PIVD_ACTIVATION_LINK$

Optional key and value

MI_CREDENTIAL_DEVICE_ID

A MobileIron Core substitution variable that uniquely identifies the device.

Examples:

$DEVICE_ID$

$DEVICE_UUID$

$DEVICE_IMSI$

Click Save.

Select the AppConnect app configuration that you just created.

Click More Actions > Apply to Label.

Select the labels to which you want to apply this policy.

NOTE:

Core already labeled it with the same labels you applied to the PIV-D Entrust app for Android.

Click Apply.