Configure an access policy rule that requires compliance checking to allow VMware Identity Manager to verify that AirWatch managed devices adhere to the AirWatch device compliance policies. You enable Compliance Check in the Built-in identity provider. When Compliance Check is enabled, you create an access policy rule that requires authentication and device compliance verification for devices managed by AirWatch.

About this task

The compliance checking policy rule works in an authentication chain with Mobile SSO for iOS, Mobile SSO for Android, and Certificate cloud deployment. The authentication method to use must precede the device compliance option in the policy rule configuration.

Prerequisites

Enable Device Compliance in the Auth Methods pages. See Enable Compliance Checking.

The authentication methods enabled in the Built-in identity provider.

Procedure

  1. In the Identity & Access Management tab, go to Manage > Policies.
  2. Select the access policy to edit.
  3. In the Policy Rules section, select the policy rule to edit.
  4. In the drop-down menu for then the user must authenticate using the following method, click + and select the authentication method to use.
  5. In the second drop-down menu for then the user must authenticate using the following method, select Device Compliance (with AirWatch).
  6. (Optional) In the Custom Error Message Text text box, create a custom message that displays when user authentication fails because of the device is not compliant. In the Custom Error Link text box, you can add a link in the message.
  7. Click Save.