App use cases for derived credentials

The following table shows what AppConnect apps can use derived credentials and for what purposes:

**Table 4.** AppConnect apps that can use derived credentials and their use cases
App	Supported Platforms	Use cases
Email+	iOS Android	S/MIME signing S/MIME encryption Identifying and authenticating the email user to the email server Email+ supports certificate-based authentication using derived credentials with Microsoft Exchange servers only. However, Email+ usage of certificate-based authentication using derived credentials is compatible with any ActiveSync server that supports certificate-based authentication. iOS only: S/MIME decryption of older emails for which the original encryption certificate has expired. This feature requires: Mobile@Work 10.2 for iOS and supported newer versions PIV-D Manager 2.1 for iOS and supported newer versions Email+ 3.8 for iOS and supported newer versions A derived credential provider that provides a set of decryption certificates
Web@Work	iOS Android	Identifying and authenticating the Web@Work user to backend servers
Docs@Work	iOS Android	Identifying and authenticating the Docs@Work user to content servers
In-house AppConnect apps	iOS Android	Any use of identity certificates in an app’s key-value pairs. iOS only: Identifying and authenticating the app user to backend services using AppConnect for iOS certificate authentication provided by the AppConnect for iOS library.
Third-party AppConnect apps	iOS	Any use of identity certificates in an app’s key-value pairs. Identifying and authenticating the app user to backend services using AppConnect for iOS certificate authentication provided by the AppConnect for iOS library.

Non-AppConnect apps on iOS devices can use Entrust derived credentials to authenticate to enterprise servers or web services that use SAML-based authentication.