In Workspace ONE Access, when you require Verify (Intelligent Hub) as a second type of authentication to access apps that are restricted, you create an application-specific access policy with rules that are configured with two authentication methods. After you add the first authentication method, you add Verify (Intelligent Hub) as the second authentication method in the rule.

When users request access to an app from a device, a Verify notification is sent to the users managed or registered mobile device for approval. After they approve the request on a designated device, they can access the app from the originating device.

Note: Add a web browser rule to the default access policy to manage access to the Hub Catalog with Verify (Intelligent Hub). See Require Verify (Intelligent Hub) Authentication to Access Workspace ONE Hub Catalog (Cloud Only)



  1. In the Workspace ONE Access console, navigate to Resources > Policies and click ADD POLICY.
  2. On the Definition page, name the policy. Click Next.
  3. In the Applies to section, add the restricted apps that require a second authentication with Verify (Intelligent Hub) to access.
  4. On the Configuration page, click + ADD POLICY RULE.
    Option Description
    If a user's network range is Select the network range.
    and user accessing content from Select the device type.
    and user belongs to groups If this access rule is going to apply to specific groups, search for the groups in the search box.

    If no group is selected, the access policy rule applies to all users.

    Then perform this action Select Authenticate using....
    then the user may authenticate using Configure the authentication method order.
    1. Select the first authentication method to use.
    2. Click + and select Verify (Intelligent Hub) as the second authentication method.
    If the preceding method fails or is not applicable, then Configure fallback authentication methods, if required.
    Re-authenticate after Select the length of the session, after which users must authenticate again.
  5. Click Save.
  6. Click ADD POLICY RULE to add a rule for other device types and configure the rule.
  7. Click NEXT.
  8. On the Configuration page, review the authentication order. You can drag the rules rows to change the order that rules are applied.


After the Verify (Intelligent Hub) authentication rule is configured, when users access a restricted app, a Verify notification is sent to their managed or registered mobile device for approval. If they have more than one managed or registered device, they are asked to designate a device to receive the Verify notification.