You can configure multiple types of authentication methods in the VMware Workspace ONE® Access™ service. You can configure single authentication methods and you can set up chained, two-factor authentication.

To use the information in this guide, familiarize yourself with the following concepts.

  • SSO (single sign-on) common protocols and terminology. For the SAML protocol, understand terminology such as XML, attributes, and nameIDFormat. For the OpenID Connect protocol, know terminology such as token, claims, JWT, and OAuth 2.
  • Multi-factor authentication implementations for Kerberos, RSA SecurID, certificate-based authentication.

You can install and manage the following types of authentication methods.

  • The Workspace ONE Access connector provides the following types of connector-based authentication methods.
    • User Auth service. When the User Auth service is installed on the connector, Password (cloud deployment), RSA SecurID (cloud deployment), and RADIUS (cloud deployment) authentication methods can be configured and associated to a built-in identity provider.
    • Kerberos Auth service. When the Kerberos Auth service is installed on the connector, Kerberos Auth service can be configured to provide the connector-based Kerberos authentication for internal users and associated in the Workspace identity provider.
  • Cloud-based authentication methods managed from the Workspace ONE Access service and associated to a built-in identity provider.
  • Authentication managed by third-party identity providers. The identity provider instance that you use with VMware Workspace ONE Access creates in-network federation authority that communicates with the service using either SAML 2.0 or OpenID Connect 1.0 protocols.

New JAN 2023 - VMware Identity Services Integration

VMware Identity Services is a new service for integrating Workspace ONE services, including Workspace ONE Access, with a third-party identity provider to provide centralized user management. VMware Identity Services is based on the System for Cross-domain Identity Management (SCIM) 2.0 protocol.

VMware Identity Services is available for new Workspace ONE tenants that do not have any existing directory or identity provider integrations.

Some features are not available in tenants that have VMware Identity Services enabled. See the Unsupported Workspace ONE Features topic in the Configuring User Provisioning and Identity Federation with VMware Identity Services guide.

For more information about VMware Identity Services, see the following links.