To complete the configuration of the AD FS identity provider instance, incorporate the AD FS authentication methods into your access policies.
The following procedure describes an example of incorporating
AD FS authentication methods into a policy rule for Windows 10 devices. You can use this example as a guideline when configuring your own access policies.
For more information about configuring access policies and policy rules, see the Managing Workspace ONE Access User Authentication Methods guide.
Procedure
- Log in to the VMware Workspace ONE Access console with full administrator privileges.
- Select the Identity & Access Management tab. Click Manage, and then click Policies.
- Select the access policy that you want to modify and click Edit.
The Edit Policy wizard appears.
- Click Next.
- On the Configuration page, click Add Policy Rule and create a rule for Windows 10 devices.
- Specify Kerberos-based authentication as the first authentication method and Forms-based authentication as the fallback method, according to the following example. Leave the and user belongs to group(s): option blank to apply the rule to all users.
If a user's network range is: ALL RANGES
and user accessing content from: Windows 10
and user belongs to group(s):
Then perform this action: Authenticate using
then the user may authenticate using: Kerberos-based authentication
If the preceding method fails or is not applicable, then: Forms-based authentication
- Click Save.
The new policy rule appears as
Kerberos-based authentication+1 in the rules list.
- In the rules list, reorder the rules such that Kerberos-based authentication+1 appears at the top of the list as the first rule to apply. To move the rule in the list, drag the handle at the left of the rule name.
- Click Next. Review your changes and then click Save.
Results
You are now finished with configuring
AD FS as a trusted identity provider for
VMware Workspace ONE Access. Next, you must configure
VMware Workspace ONE Access as a trusted relying party for
AD FS.
