To establish the Workspace ONE out-of-box experience (OOBE) after the External Access Token is enabled and added to the built-in identity provider, you must add the External Access Token authentication method to the default access policy set.

Prerequisites

External Access token Authentication enabled as an authentication method for Built-in Identity Providers in the Identity & Access Management > Authentication Methods page.

Procedure

  1. In the VMware Identity Manager console, Identity & Access Management tab, select Manage > Policies.
  2. Click Edit Default Policy and then click Next.
  3. Select the row that lists the Workspace ONE App in the Device Type column.
    If the Workspace ONE App rule is not listed, click Add Policy Rule and create a rule with Workspace ONE App as the device type.
  4. Select the authentication methods to use to access the content from the Workspace ONE application.
    List the External Access Token authentication method as the last fallback method in the rule. When the External Access Token is detected in the authentication request, the authentication method is honored. Any other authentication methods listed after the External Access Token are not detected.
  5. Click Next to review the configuration.
  6. Click Save.
  7. On the Configuration page, review the order of the rules in the rules list. If the Workspace ONE app rule is not the first rule in the default access policy list, drag the rule to be the first row in the list.
    Workspace ONE App must be the first rule in the default access policy rules list.
  8. Click Next.
  9. Review the Summary page and click Save.