You configure the built-in identity provider and associate the Mobile SSO for iOS authentication method that has been configured in the Identity & Access Management Manage > Auth Methods page.

Prerequisites

Mobile SSO (for iOS) authentication configured in the Authentication Methods page.

Procedure

  1. In the Identity & Access Management tab, go to Manage > Identity Providers.
  2. Click Add Identity Provider, and select Create Built-in IDP.

    Option

    Description

    Identity Provider Name

    Enter the name for this built-in identity provider instance.

    Users

    Select which users to authentication. The configured directories are listed.

    Network

    The existing network ranges configured in the service are listed. Select the network ranges for the users based on the IP addresses that you want to direct to this identity provider instance for authentication.

    Authentication Methods

    The authentication methods that are configured on the service are displayed. Select the check box for the iOS authentication method to associate to this built-in identity provider. Add any other authentication methods.

    For Device Compliance (with AirWatch) and Password (AirWatch Connector), make sure that the option is enabled in the AirWatch configuration page.

  3. In the KDC Certificate Export section, click Download Certificate. Save this certificate to a file that can be access from the AirWatch admin console.

    You upload this certificate when you configure the iOS device profile in AirWatch.

  4. Click Add.

What to do next

  • Configure the default access policy rule for Kerberos authentication for iOS devices. Make sure that this authentication method is the first method set up in the rule.

  • Go to the AirWatch admin console and configure the iOS device profile in AirWatch and add the KDC server certificate issuer certificate from VMware Identity Manager.