When Compliance Check is enabled, you create an access policy rule that requires authentication and device compliance verification for devices managed by Workspace ONE UEM.

The compliance checking policy rule works in an authentication chain with Mobile SSO for iOS, Mobile SSO for Android, and Certificate cloud deployment. When configuring the rule, the authentication method to use must precede the device compliance method.

Prerequisites

Authentication methods configured and associated to a built-in identity provider.

Compliance checking enabled in the VMware Identity Manager AirWatch page.

Procedure

  1. In the VMware Identity Manager console Identity & Access Management tab, select Manage > Policies.
  2. Click Edit Default Policy.
  3. Click Next.
  4. Click Add Policy Rule to add a rule, or select a rule to edit.
    Option Description
    If a user's network range is Verify that the network range is correct, If adding a rule, select the network range.
    and user accessing content from Select the mobile device type.
    and user belongs to groups If this access rule is going to apply to specific groups, search for the groups in the search box.

    If no group is selected, the access policy applies to all users.

    Then perform this action Select Authenticate using....
    then the user may authenticate using Select the mobile device authentication method to apply.

    Click + and in the drop-down menu select Device Compliance (with AirWatch).

    If the preceding methods fails or is not applicable, then Configure the fallback authentication method, if necessary.
    Re-authenticate after Select the length of the session, after which users must authenticate again.
  5. Click Save.