In the VMware Identity Manager console, you can enable the VMware Verify service as the second authentication method when two-factor authentication is required.
You enable VMware Verify in the Built-in identity provider in the VMware Identity Manager console and add the VMware Verify security token you receive from VMware support.
You configure two-factor authentication in the access policy rules to require users to authenticate using two authentication methods.
Users install the VMware Verify application on their devices and provide a phone number to register their device with the VMware Verify service. The device and phone number are also registered in the User & Groups user profile in the VMware Identity Manager console.
Users enroll their account once when they sign in using password authentication first and then enter the VMware Verify passcode that displays on their device. After the initial authentication, users can authenticate through one of these three methods.
- Push approval with OneTouch notification. Users approve or deny access from VMware Identity Manager with one click. Users click either Approve or Deny on the message that is sent.
- Time-based One Time Password (TOTP) passcode. A one-time passcode is generated every 20 seconds. Users enter this passcode on the sign-in screen.
- Text message. Phone SMS is used to send a one-time verification code in a text message to the registered phone number. Users enter this verification code on the sign-in screen.
VMware Verify uses a third-party cloud service to deliver this feature to user devices. To do so, user information such as name, email, and phone number are stored in the service but not used for any purpose other than to deliver the feature.