Configure single sign-on for Android devices to allow users to sign in securely to enterprise apps, without entering their password.

About this task

To configure single-sign-on for Android devices, you do not need to configure the AirWatch Tunnel, but you configure single sign-on using many of the same fields

Prerequisites

  • Android 4.4 or later

  • Applications must support SAML or another supported federation standard

Procedure

  1. In the AirWatch admin console, navigate to System > Enterprise Integration > AirWatch Tunnel.
  2. The first time you configure AirWatch Tunnel, select Configure and follow the configuration wizard. Otherwise, select Override and select the Enable AirWatch Tunnel check box. Then click Configure.
  3. In the Configuration Type page, enable Per-App Tunnel (Linux Only). Click Next.

    Leave Basic as the deployment model.

  4. In the Details page, enter a dummy value in the text box, as this field is not required for the single sign-on configuration. Click Next.
  5. In the SSL page, configure the Per-App Tunneling SSL Certificate. To use a public SSL, select the Use Public SSL Certificate check box. Click Next.

    The Tunnel Device Root Certificate is automatically generated.

    Note:

    SAN certificates are not supported. Make sure that your cert is issued for the corresponding server host name or is a valid wildcard certificate for the corresponding domain.

  6. In the Authentication page, select the certificate authentication type to use. Click Next.

    Option

    Description

    Default

    Select Default to use the AirWatch issued certificates.

    Enterprise CA

    A drop-down menu listing the certificate authority and certificate template that you configured in AirWatch is displayed. You can also upload the root certificate of your CA.

    If you select Enterprise CA, make sure that the CA template contains the subject name CN=UDID. You can download the CA certificates from the AirWatch Tunnel configuration page.

  7. Click Next.
  8. In the Profile Association page, associate an existing or create a new AirWatch Tunnel VPN profile for Android.

    If you create the profile in this step, you still must publish the profile. See Configure Android Profile in AirWatch.

  9. Review the summary of your configuration and click Save.

    You are directed to the system settings configuration page.