Configure an access policy rule that requires compliance checking to allow VMware Identity Manager to verify that AirWatch managed devices adhere to the AirWatch device compliance policies. You enable Compliance Check in the Built-in identity provider. When Compliance Check is enabled, you create an access policy rule that requires authentication and device compliance verification for devices managed by AirWatch.

Before you begin

The authentication methods configured in the Built-in identity provider.

About this task

The compliance checking policy rule works in an authentication chain with Mobile SSO for iOS, Mobile SSO for Android, and Certificate cloud deployment. The authentication method to use must precede the device compliance option in the policy rule configuration.

Procedure

  1. In the administration console, Identity & Access Management tab, select Setup > AirWatch.
  2. In the Compliance Check section of the AirWatch page, select Enable.
  3. Click Save.
  4. In the Identity & Access Management tab, go to Manage > Policies.
  5. Select the access policy to edit.
  6. In the Policy Rules section, select the policy rule to edit.
  7. In the drop-down menu for then the user must authenticate using the following method, click + and select the authentication method to use.
  8. In the second drop-down menu for then the user must authenticate using the following method, select Device Compliance (with AirWatch).
  9. (Optional) In the Custom Error Message Text text box, create a custom message that displays when user authentication fails because of the device is not compliant. In the Custom Error Link text box, you can add a link in the message.
  10. Click Save.