CyberArk-issued derived credentials

Smart cards contain cryptographic credentials that allow users to authenticate without user names and passwords. However, the physical cards require a dedicated reader and attempting to use smart cards with mobile devices is a real challenge. With derived credentials, the cryptographic credential is stored securely on a mobile device, in compliance with current smart card regulations. This means no need for a dedicated reader for mobile devices, and much more flexibility for users. Our derived credential solution allows mobile devices to be used for secure mobile access to applications, websites and services that require smart card authentication. This new capability extends CyberArk Identity's integration of identity-based security to mobility, offering secure single sign-on (SSO) in even the most highly regulated environments.

You can configure derived credentials to use on of the following:

  • Simple Certificate Enrollment Protocol (SCEP) with Microsoft's Network Device Enrollment Service (NDES)
  • Windows Enterprise certificate authority
  • Custom CA -- We provide the CSR and you work the CA of your choice to get the certificate.