You can configure Workspace ONE Access so that users are required to use RADIUS (Remote Authentication Dial-In User Service) authentication when they log in to Workspace ONE.

Because RADIUS two-factor authentication solutions work with authentication managers installed on separate servers, the RADIUS server must be configured and accessible to the Workspace ONE Access service.

When users sign in to their Workspace ONE portal and RADIUS authentication is enabled, the login dialog box requests that users enter their RADIUS authentication user name and passcode. If the RADIUS server issues an access challenge, the Workspace ONE Access service displays a dialog box prompting for a second passcode.

After a user enters credentials in the dialog box, the RADIUS server can send an SMS message or email, or text using some other out-of-band mechanism to the user's cell phone. The user enters the one-time passcode into the login dialog box to complete the authentication. Currently support for RADIUS challenges is limited to prompting for text input.

If the RADIUS server provides the ability to import users from Active Directory, end users might first be prompted to supply Active Directory credentials before being prompted for a RADIUS authentication user name and passcode.