For iOS device authentication, you integrate the service with Kerberos. Kerberos authentication provides users, who are successfully signed in to their domain, access to their application portal without additional credential prompts. The iOS device authentication method uses a Key Distribution Center (KDC) without the use of a connector or a third-party system.
Workspace ONE Access Cloud tenants do not need to manage or configure the KDC.
For on premises deployments, two KDC service options are available.
- Built-in KDC. The built-in KDC requires initializing KDC on the appliance and creating public DNS entries to allow the Kerberos clients to find the KDC. For more information about enabling the built-in KDC, see the Workspace ONE Access Administration guide.
- KDC as a Workspace ONE Access cloud hosted service. Using KDC in the cloud requires selecting the appropriate realm name in the iOS authentication adapter page.
Important:
End of Availability (EoA) of Workspace ONE Access Cloud-Hosted KDC Service for hybrid deployment
VMware is announcing the End of Availability (EoA) for Workspace ONE Access Cloud-Hosted KDC service (also known as Hybrid KDC Service) for hybrid deployments. The EoA will be effective on December 15, 2023, for all Workspace ONE Access customers.
All Workspace ONE Access on-premises customers using Cloud-Hosted KDC service should plan to migrate to Workspace ONE Access in the Cloud or deploy the built-in KDC Service for their on-premises Workspace ONE Access deployments. See Using the Built-in KDC for Workspace ONE Access.Now through December 15, 2023, the Workspace ONE Access Cloud-Hosted KDC service remains available and supported.
The Support period ends on December 15, 2023, and the Cloud-Hosted KDC service will reach the End of Availability and End of Support Life. Following this date, users will be unable to authenticate against the Cloud-Hosted KDC service.
See KB article End of Availability (EOA) of Workspace ONE Access Cloud-Hosted KDC Service for Hybrid Deployments.