To establish the Workspace ONE Intelligent Hub out-of-box experience (OOBE) after the External Access Token is enabled and added to the built-in identity provider, you must add the External Access Token authentication method to the default access policy configured in the Workspace ONE Access console.

Prerequisites

External Access Token Authentication enabled as an authentication method for Built-in Identity Providers in the Integrations > Authentication Methods page.

Procedure

  1. In the Workspace ONE Access console Resources > Policies page, click Edit Default Policy and then click Next.
  2. Select the row that lists Apps on Workspace ONE Intelligent Hub in the Device Type column.
    If this rule is not listed, click Add Policy Rule and create a rule with Apps on Workspace ONE Intelligent Hub as the device type.
  3. Select the authentication methods to use to access the content from the Workspace ONE Intelligent Hub app.
    List the External Access Token authentication method as the last fallback method in the rule. When the External Access Token is detected in the authentication request, the authentication method is honored. Any other authentication methods listed after the External Access Token are not detected.
  4. Click Next to review the configuration.
  5. Click Save.
    Figure 1. Access Policy Rule using the External Access Token
    External Access Token authentication configured in an access policy
  6. On the Configuration page, review the order of the rules in the rules list. If the Workspace ONE app rule is not the first rule in the default access policy list, drag the rule to be the first row in the list.
    Workspace ONE App must be the first rule in the default access policy rules list.
  7. Click Next.
  8. Review the Summary page and click Save.