App use cases for derived credentials

The following table shows what AppConnect apps can use derived credentials and for what purposes:

Table 1. AppConnect apps that can use derived credentials and their use cases

App

Supported Platforms

Use cases

Email+

iOS

Android

S/MIME signing
S/MIME encryption
Identifying and authenticating the email user to the email server
NOTE: Email+ supports certificate-based authentication using derived credentials with Microsoft Exchange servers only. However, Email+ usage of certificate-based authentication using derived credentials is compatible with any ActiveSync server that supports certificate-based authentication.

iOS only:

S/MIME decryption of older emails for which the original encryption certificate has expired. This feature requires:
- Mobile@Work 10.2 for iOS through the most recently released version as supported by MobileIron
- PIV-D Manager 2.1 for iOS through the most recently released version as supported by MobileIron
- Email+ 3.8 for iOS through the most recently released version as supported by MobileIron
- A derived credential provider that provides a set of decryption certificates

Web@Work

iOS

Android

Identifying and authenticating the Web@Work user to backend servers

Docs@Work

iOS

Android

Identifying and authenticating the Docs@Work user to content servers

In-house AppConnect apps

iOS

Android

Any use of identity certificates in an app’s key-value pairs.
iOS only: Identifying and authenticating the app user to backend services using AppConnect for iOS certificate authentication provided by the AppConnect for iOS library.

Third-party AppConnect apps

iOS

Any use of identity certificates in an app’s key-value pairs.
Identifying and authenticating the app user to backend services using AppConnect for iOS certificate authentication provided by the AppConnect for iOS library.
NOTE: Non-AppConnect apps on iOS devices can use Entrust derived credentials to authenticate to enterprise servers or web services that use SAML-based authentication.