To set up single sign-on authentication to AirWatch managed iOS 9 mobile devices, you can set up a trust relationship between Active Directory and AirWatch and enable the Mobile SSO for iOS authentication method in VMware Identity Manager.

After you configured the certificate authority and certificate template for Kerberos certificate distribution in the Active Directory Certificate Services, you enable AirWatch to request the certificate used for authentication and add the certificate authority to the AirWatch admin console.


In the AirWatch admin console main menu, navigate to Devices > Certificates > Certificate Authorities.


Click Add.


Configure the following in the Certificate Authority page.


Make sure that Microsoft AD CS is selected as the Authority Type before you start to complete this form.




Enter a name for the new Certificate Authority.

Authority Type

Make sure that Microsoft ADCS is selected.


Select ADCS as the protocol.

Server Hostname

Enter the server hostname URL. Enter the host name in this format https://{}.

Authority Name

Enter the name of the certificate authority that the ADCS end point is connected to. This name can be found by launching the Certification Authority application on the certificate authority server.


Make sure that Service Account is selected.

Username and Password

Enter the user name and password of the AD CS admin account with sufficient access to allow AirWatch to request and issue certificates.


Click Save.

Configure the Certificate Template in AirWatch.