Add Restricted Apps Access Policy in Workspace ONE Access to Authenticate with Verify (Intelligent Hub) (Cloud Only)

In Workspace ONE Access, when you require Verify (Intelligent Hub) as a second type of authentication to access apps that are restricted, you create an application-specific access policy with rules that are configured with two authentication methods. After you add the first authentication method, you add Verify (Intelligent Hub) as the second authentication method in the rule.

When users request access to an app from a device, a Verify notification is sent to the users managed or registered mobile device for approval. After they approve the request on a designated device, they can access the app from the originating device.

Note: Add a web browser rule to the default access policy to manage access to the Hub Catalog with Verify (Intelligent Hub). See Require Verify (Intelligent Hub) Authentication to Access Workspace ONE Hub Catalog (Cloud Only)

Prerequisites

Configure and enable Verify (Intelligent Hub) authentication in your Workspace ONE Access deployment. See Configure Verify (Intelligent Hub) Authentication in Workspace ONE Access (Cloud Only)
Add the web and desktop application to the Hub catalog. At least one application must be listed in the catalog page before you can add an application-specific access policy.

Procedure

In the Workspace ONE Access console, navigate to Resources > Policies and click ADD POLICY.
On the Definition page, name the policy. Click Next.
In the Applies to section, add the restricted apps that require a second authentication with Verify (Intelligent Hub) to access.

On the Configuration page, click + ADD POLICY RULE.

Option	Description
If a user's network range is	Select the network range.
and user accessing content from	Select the device type.
and user belongs to groups	If this access rule is going to apply to specific groups, search for the groups in the search box. If no group is selected, the access policy rule applies to all users.
Then perform this action	Select Authenticate using....
then the user may authenticate using	Configure the authentication method order. Select the first authentication method to use. Click + and select Verify (Intelligent Hub) as the second authentication method.
If the preceding method fails or is not applicable, then	Configure fallback authentication methods, if required.
Re-authenticate after	Select the length of the session, after which users must authenticate again.

Click Save.
Click ADD POLICY RULE to add a rule for other device types and configure the rule.
Click NEXT.
On the Configuration page, review the authentication order. You can drag the rules rows to change the order that rules are applied.

Results

After the Verify (Intelligent Hub) authentication rule is configured, when users access a restricted app, a Verify notification is sent to their managed or registered mobile device for approval. If they have more than one managed or registered device, they are asked to designate a device to receive the Verify notification.