Authentication of users is important to maintain data security and access control. Applications are often installed on a client device as a managed application. Managed applications can be installed at the request of an enterprise mobility management (EMM) system. An EMM system can initiate installation of an application on a client device once the client device is enrolled with the EMM system as a managed device. Enrolling the client device as a managed device grants the EMM infrastructure certain privileges to manage, monitor, or otherwise oversee the operation of the managed device. In an enterprise environment, such as a corporate environment in which devices are issued to employees of a company, an administrator can initiate installation of various applications on a client device that provide various functionality to users that are associated with the enterprise.
For example, the EMM infrastructure can initiate installation of an application on a client device by instructing the client device to download and install the application from an application repository, such as a public application marketplace from which software can be downloaded or purchased. In some instances, an enterprise may have a number of applications that administrators can make available to the users within the enterprise. One or more of these applications can require a user to authenticate his or her identity in order to use the application or access resources locally or over a network using the application. To facilitate user authentication, an EMM infrastructure can distribute an authentication key to a managed application that the managed application can use to authenticate the identity of a user account associated with a particular client device. Accordingly, secure distribution of an authentication key can be desirable to facilitate authentication of the installations of managed applications.