Configure the Workspace identity provider with the users, network ranges, authentication methods, and redirect host name for Kerberos authentication.


To configure the Workspace identity provider, make sure that the following are set up.

  • Users and groups located in an enterprise directory synced to Workspace ONE Access Directory.
  • Network ranges created in the Resources > Policies > Network Ranges page.
  • The Kerberos authentication method configured.


  1. In the Workspace ONE Access console Components > Identity Provider page, select the identity provider labeled Workspace IDP and configure the identity provider settings.
    Option Description
    Identity Provider Name Enter the name for this built-in identity provider instance.
    Users Select the directories of users to authentication. The configured directories are listed.
    Authentication Methods After you select a directory, the User Auth service authentication methods that are associated with that directory display. Select the methods to associate to this identity provider.
    Network The existing network ranges configured in the service are listed. Select the network ranges for the users based on the IP addresses that you want to direct to this identity provider instance for authentication.
    IdP Hostname Enter the hostname where the Workspace ONE Access identity provider redirects to for authentication. If you are using a load balancer for Kerberos authentication, the host name is the load balancer host name.

    For example, if the load balancer hostname is mylb, enter as

    If you are using a port other than 443, you can set this as Hostname:port.

  2. Click Add.