You can configure multiple types of authentication methods in the VMware Workspace ONE® Access™ service. You can configure single authentication methods and you can set up chained, two-factor authentication.

To use the information in this guide, familiarize yourself with the following concepts.

  • SSO (single sign-on) common protocols and terminology. For the SAML protocol, understand terminology such as XML, attributes, and nameIDFormat. For the OpenID Connect protocol, know terminology such as token, claims, JWT, and OAuth 2.
  • Multi-factor authentication implementations for Kerberos, RSA SecurID, certificate-based authentication.

You can install and manage the following types of authentication methods.

  • The Workspace ONE Access connector provides the following types of connector-based authentication methods.
    • User Auth service. When the User Auth service is installed on the connector, Password (cloud deployment), RSA SecurID (cloud deployment), and RADIUS (cloud deployment) authentication methods can be configured and associated to a built-in identity provider.
    • Kerberos Auth service. When the Kerberos Auth service is installed on the connector, Kerberos Auth service can be configured to provide the connector-based Kerberos authentication for internal users and associated in the Workspace identity provider.
  • Cloud-based authentication methods managed from the Workspace ONE Access service and associated to a built-in identity provider.
  • Authentication managed by third-party identity providers. The identity provider instance that you use with VMware Workspace ONE Access creates in-network federation authority that communicates with the service using either SAML 2.0 or OpenID Connect 1.0 protocols.