Virtual Private Networks (VPNs) are a common means of establishing trust and user identity within corporate networks. The application of VPNs to mobile devices has made it possible for enterprises to get the same level of trust from mobile devices. However, many enterprise productivity applications reside outside conventional enterprise network boundaries, in cloud-based services. There is therefore a need to be able to access these services securely too, without having to establish their user identity individually with each service (most commonly by entering passwords to login to each such service).
VPNs typically establish user identity through the use of a pre-established secure credential on the user's device that is unlocked by the user entering a password or PIN, or more recently through biometrics, such as using the device to read a fingerprint. Such credentials are commonly in the form of PKI keys and certificates provisioned on the devices with the help of an Enterprise Mobility Management (EMM) solution.