You can create an access policy rule that requires authentication and device compliance verification for devices managed by Workspace ONE UEM.

The compliance checking policy rule works in an authentication chain with Mobile SSO for iOS, Mobile SSO for Android, and Certificate cloud deployment. When configuring the rule, the authentication method to use must precede the device compliance method.


Authentication methods configured and associated to a built-in identity provider.

Compliance checking enabled in the Workspace ONE Access Workspace ONE UEM page.


  1. In the Workspace ONE Access console Resources > Policies page, click EDIT DEFAULT POLICY.
  2. Click NEXT.
  3. Click ADD POLICY RULE to add a rule, or select a rule to edit.
    Option Description
    If a user's network range is Verify that the network range is correct. If adding a rule, select the network range.
    and user accessing content from Select the mobile device type.
    and user belongs to groups If this access rule is going to apply to specific groups, search for the groups in the search box.

    If no group is selected, the access policy applies to all users.

    Then perform this action Select Authenticate using....
    then the user may authenticate using Select the mobile device authentication method to apply.

    And then click + and in the drop-down menu select Device Compliance (with Workspace ONE UEM).

    Re-authenticate after Select the length of the session, after which users must authenticate again.
  4. Click Save.