You configure the authentication methods in the service that can be used in the built-in identity providers. These authentication methods do not require the use of an on-premises connector.

When you configure the built-in identity provider, you enable the authentication methods to use.

The following authentication methods do not require a connector. You enable and configure the authentication methods in the Identity & Access Management Manage > Auth Methods pages and associate the authentication method to a built-in identity provider.

  • Workspace ONE UEM External Access Token
  • Mobile SSO for iOS
  • Certificate (Cloud Deployment)
  • Password using the AirWatch Connector
  • VMware Verify for two-factor authentication
  • Mobile SSO for Android
  • Device Compliance with Workspace ONE UEM
  • Password (Local Directory)

After you enable the authentication methods, you create access policies to apply to these authentication methods.

Disabling Auth Methods Associated to Built-In Identity Providers

You can disable authentication methods that you configured from the Auth Methods page. When you disable an authentication method, if the authentication method is associated with any identity provider, the authentication method is disabled in that identity provider. The authentication method is also removed as an option in all the access policy rules.

Important: If the authentication method you disabled was configured in an access policy rule, the access policy rule must be updated to select another authentication method. If the access policy rule is not updated, users might not be able to sign in to their apps portal or access their resources.

To disable an authentication for specific built-in identity providers, in the built-in identity provider configuration page, deselect the box for the associated authentication method.