VMware AirWatch Derived Credentials FAQ

A Derived Credential is a client certificate generated on the mobile device (or issued) after an end user has proven their identity by using their existing smart card (i.e. CAC or PIV) during an enrollment process.

Derived Credentials is a great alternative for any organization who uses smart cards today but does not want to use them with their mobile devices. Although Derived Credentials is a very federally focused term, the use case could apply to any of the following verticals:

  • Department of Defense (DoD)
  • Fed Civilian Agencies
  • State & Local Agencies
  • Federally Funded Research & Development Centers (FFRDC’s)
  • Federal System Integrators
  • Other Regulated Verticals (i.e. Financial & Healthcare)

This article serves to answer any frequently asked questions that may arise with the implementation of Derived Credentials with VMware AirWatch.

Frequently Asked Questions

Who is the best Derived Credentials vendor to use with AirWatch?

This depends on the customer as there are multiple government off the shelf (GOTS) as well as commercially off the shelf (COTS) providers in the market today.

How does VMware AirWatch support Derived Credentials?

VMWare has built a framework for abstraction that allows every customer to have a very similar experience regardless of what Derived Credential vendor they use in conjunction with VMware AirWatch.

What OS does VMware AirWatch support Derived Credentials on?

Currently our solution is only available on iOS devices.

Where can the Derived Credential be utilized in conjunction with VMware AirWatch?

Currently the Derived Credentials can be utilized with native applications (i.e. Mail and Browser) as well as device profiles on iOS


To download the implementation guide, click here


Have more questions? Submit a request


Article is closed for comments.