Enterprise Mobility Management

Derived Credentials: Smart Card Access for Mobile

Smart Cards contain cryptographic credentials that allow users to authenticate without usernames and passwords. However, the physical cards — typically Personal Identity Verification (PIV) or Common Access Cards (CAC) — require a dedicated reader.  Many laptops include this reader as part of their hardware, and those that don’t can make use of a USB-based reader.

However, attempting to use PIV or CAC cards with mobile devices has, until recently, been a real challenge. The small form factor of today’s smart devices just isn’t compatible with a Smart Card reader, and external readers (often called “sleds”) are costly, only work with certain devices, and generally don’t fit today’s employee needs.

Derived credentials can solve these issues. With derived credentials, the cryptographic credential is stored securely on a mobile device, in compliance with today’s Smart Card regulations. This means no need for a dedicated reader, and much more flexibility for users.



Centrify’s derived credential solution allows mobile devices to be used for secure mobile access to apps, websites and services that require Smart Card authentication. This new capability extends Centrify’s integration of identity-based security to mobility, offering secure single sign-on (SSO) in even the most highly regulated environments.

Centrify’s support for mobile derived credentials offer the following benefits:

  • Secure CAC/PIV based SSO to cloud and on-premises apps
  • Integrated device management to manage and lock down devices
  • The ability to enroll devices and provision derived credentials to them
  • Derived credential issuance from popular certificate authorities
  • App provisioning to set up user accounts within target applications
  • Workflow to ensure only the right users get access
  • Easy deployment into existing enrollment and issuance portals
  • Compliance with FIPS 201-2 and NIST SP 800-157 to satisfy HSPD-12 and OMB-11-11, allowing mobile access to apps, websites, and services that require Smart Card authentication

For enterprises that need stronger authentication that eliminates passwords, or Federal agencies and other organizations who must meet Homeland Security Presidential Directive 12 (HSPD-12), NIST guidance and other security mandates for Smart Card authentication, Centrify’s derived credential solution provides a seamless way to provide mobile access without compromising security.