Multiple types of authentication methods can be configured in the VMware Workspace ONE Access™ service, formerly known as VMware Identity Manager. You can configure a single authentication method and you can set up chained, two-factor authentication.

To use the information in this guide, familiarize yourself with the following concepts.

  • SSO (single sign-on) common protocols and terminology. For the SAML protocol, know terminology such as XML, attributes, and nameIDFormat. For the OpenID Connect protocol, know terminology such as token, claims, JWT, and OAuth 2.
  • Multi-factor authentication implementations for Kerberos, RSA SecurID, certificate-based authentication.

You can manage the following types of authentication services.

  • User Auth service. User Auth service provides Password (cloud deployment), RSA SecurID (cloud deployment), and RADIUS (cloud deployment) authentication methods associated to the service from a built-in identity provider.
  • Kerberos Auth service. Kerberos Auth service provides the connector-based Kerberos authentication for internal users managed from the Workspace ONE Access identity provider.
  • Cloud-based authentication methods managed from the Workspace ONE Access service and associated to a built-in identity provider.
  • Authentication managed by third-party identity providers. The identity provider instance that you use with VMware Workspace ONE Access creates an in-network federation authority that communicates with the service using either SAML2.0 or OpenID Connect 1.0 protocols.