Adding the PIV-D Manager app for iOS to the App Catalog

Applicable derived credential providers and device platforms

Derived credential providers	Entrust, DISA Purebred
Device platforms	iOS

Device users use the PIV-D Manager app for iOS to use derived credentials on iOS devices. You add the app to the App Catalog, configuring it to have a AppConnect custom configuration. The key-value pairs you configure in the AppConnect custom configuration depend on the derived credential provider.

Procedure

In the Admin Portal, go to Apps > App Catalog.

Click +Add.

Select iOS Store to search the Apple App Store.

Enter MobileIron PIV-D Manager in the search field.

Select the MobileIron PIV-D Manager app that displays.

Click Next.

Select the users and user groups that you want to distribute the app to.

10.

Click Next.

11.

Scroll down to AppConnect Custom Configuration.

12.

Select + to add a new AppConnect custom configuration.

13.

Enter a name for the AppConnect custom configuration.

14.

In the AppConnect Custom Configuration section, add the case-sensitive key-value pairs, depending on the derived credential provider:

Table 1. Key-value pairs for PIV-D Manager when using Entrust

Key	Value	Description
Required key and value MI_CREDENTIAL_ACTIVATION_URL	${pivdActivationLink}	Entrust provides the activation URL to MobileIron Cloud when the user requests a derived credential on the MobileIron Cloud Self-Service Portal. The PIV-D Manager app receives the value when the user launches the app on the device.
Optional key and value MI_CREDENTIAL_DEVICE_ID	A MobileIron Cloud substitution variable that uniquely identifies the device. Examples: ${deviceClientDeviceIdentifier} ${deviceUDID} ${deviceIMSI}	This key-value pair contains a unique device identifier that the PIV-D Manager app sends to the Entrust IdentityGuard server. This identifier allows an administrator to determine which device contains a given derived credential, allowing control around auditing and revocation.

Key

Value

Description

Required key and value

MI_CREDENTIAL_ACTIVATION_URL

${pivdActivationLink}

Entrust provides the activation URL to MobileIron Cloud when the user requests a derived credential on the MobileIron Cloud Self-Service Portal. The PIV-D Manager app receives the value when the user launches the app on the device.

Optional key and value

MI_CREDENTIAL_DEVICE_ID

A MobileIron Cloud substitution variable that uniquely identifies the device.

Examples:

${deviceClientDeviceIdentifier}

${deviceUDID}

${deviceIMSI}

This key-value pair contains a unique device identifier that the PIV-D Manager app sends to the Entrust IdentityGuard server. This identifier allows an administrator to determine which device contains a given derived credential, allowing control around auditing and revocation.

Table 2. Key-value pairs for PIV-D Manager when using DISA Purebread

Key	Value	Description
MI_CREDENTIAL_ENABLE_PUREBRED	True	Enables the PIV-D Manager app to support DISA Purebred derived credentials

15.

Select the users and user groups that you want to distribute the AppConnect custom configuration to.

16.

Click Next.

17.

Click Done.