In VMware Identity Manager, enable device compliance in the Workspace ONE UEM configuration page and configure Device Compliance in the Manage > Auth Methods page.

When Device Compliance is configured, the access policy rules can be configured to check the Workspace ONE UEM server for device compliance status when users sign in from their devices. See Enabling Compliance Checking for Workspace ONE UEM Managed Devices.


  1. In the VMware Identity Manager console Identity & Access Management tab, select Setup > AirWatch.
  2. In the Device Compliance section, select Enable and click Save.
  3. In the Identity & Access Management tab, go to Manage > Auth Methods.
  4. In the Device Compliance (with AirWatch) Configure column, click the icon.
  5. Enable Device Compliance authentication and set the maximum number of failed login attempts. The other text boxes are pre-populated with the configured Workspace ONE UEM values.
    Option Description
    Enable Device Compliance Adapter Select this check box to enable Workspace ON UEM password authentication.
    AirWatch Admin Console URL Pre-populated with the Workspace ONE UEM URL you set up on the AirWatch configuration page.

    AirWatch API Key

    Pre-populated with the Workspace ONE UEM Admin API key.

    Certificate Used for Authentication Pre-populated with the AirWatch Cloud Connector certificate
    Password for Certificate Pre-populated with the password for the AirWatch Cloud Connector certificate.
  6. Click Save.

What to do next

Associate the Device Compliance authentication method in the built-in identity provider. See Configure Built-in Identity Providers.

Configure the default access policy to create rules to use device compliance with Workspace ONE UEM. See Configure Compliance Checking Rules.