Managing Mobile App Certificates

Mobile app certificates are managed similarly to smart cards, in that:

  • They can be enrolled in the User Portal. (This setting must be enabled; for details, see Setting Parameters for Devices.)

  • They can be managed in the Help Desk.

However, they differ from smart cards in that:

  • Only basic Help Desk operations (Hold/Resume/Applications Update/Terminate) are available.

  • Only basic operations are available in the User Portal (for example, device update, but no reporting of a lost device).

  • There is no PIN application.

  • Enrollment of mobile app certificates is not available in the Operator Portal.

Mobile devices containing mobile app certificates are considered “secondary” devices, as opposed to smart cards or smart USB keys, which are “primary” devices. This means that mobile app certificates can only be issued to users who already have a primary device. In a FIPS 201-compliant environment (Federal Information Processing Standard 201, the NIST standard for HSPD-12/PIV), these mobile app certificates are considered “derived PIV credentials” (PIV: Personal Identity Verification, the technical standard of HSPD-12). For more information, refer to About Derived Credentials.

Note:
  • For mobile app certificates, this version of ActivID CMS supports Apple devices (phones, tablets) running iOS 10 or higher.

  • For the issuance of mobile app certificates, this version of ActivID CMS supports both the Microsoft and Entrust Certificate Authorities. Please contact your HID Global reseller for information about extended environment support.
