Configure the Workspace identity provider with the users, network ranges, authentication methods, and redirect host name for Kerberos authentication.


To configure the Workspace identity provider, make sure that you complete the following tasks.

  • Users and groups located in an enterprise directory synced to Workspace ONE Access Directory.
  • Network ranges created in the Resources > Policies > Network Ranges page.
  • The Kerberos authentication method configured.


  1. In the Workspace ONE Access console Integrations > Identity Providers page, click ADD and select the identity provider labeled Workspace IDP and configure the identity provider settings.
    Option Description
    Identity Provider Name Enter the name for this built-in identity provider instance.
    Users Select the directories of users to authentication. The configured directories are listed.
    Authentication Methods After you select a directory, the User Auth service authentication methods that are associated with that directory display. Select the methods to associate to this identity provider.
    Network The existing network ranges configured in the service are listed. Select the network ranges for the users based on the IP addresses that you want to direct to this identity provider instance for authentication.
    Identity Provider Hostname Enter the host name where the Workspace ONE Access identity provider redirects to for authentication. If you are using a load balancer for Kerberos authentication, the host name is the load balancer host name.

    For example, if the load balancer host name is mylb, enter as

    If you are using a port other than 443, you can set this as Hostname:port.

  2. Click SAVE.