When you initially deploy the VMware Identity Manager service, your existing Active Directory infrastructure is used for user authentication and management. You integrate the service with other authentication solutions such as Kerberos, Certificate, and RSA SecurID from the administration console. To use Kerberos authentication for single sign-on to AirWatch managed iOS 9 devices requires you to manually initialize the Key Distribution Center (KDC) in the appliance before you can enable the built-in Kerberos authentication from the administration console.

Kerberos authentication provides users, who are successfully signed in to their domain, access to their apps portal without additional credential prompts. To support iOS devices using Kerberos, VMware Identity Manager provides a built-in Kerberos authentication method to access the KDC within the built-in identity provider without the use of a connector or a third-party system.

After you initialize the KDC and restart the service, create public DNS entries to allow the Kerberos clients to find the KDC.

To use the built-in Kerberos authentication method, you must configure both AirWatch and the VMware Identity Manager service. See the VMware Identity Manager Administration Guide, Implementing Built-in Kerberos Authentication for AirWatch-Managed iOS Devices.