To set up Verify (Intelligent Hub) authentication in the Workspace ONE Access service, you configure Verify (Intelligent Hub) settings and enable the authentication method in the built-in identity provider. You then configure access policy rules to authenticate with Verify (Intelligent Hub).

To verify the user's identity when you configure Verify (Intelligent Hub), you can require that biometrics or passcode identifiers be used on the device after the notification from Verify (Intelligent Hub) is approved before they can access the restricted apps.

Prerequisites

  • Workspace ONE Access integrated with Workspace ONE UEM
  • Hub Services activated with Notifications enabled.
  • Workspace ONE Intelligent Hub app 20.05 or later installed on user devices.
  • (Optional) Require device-level passcodes for managed devices and app-level passcode for registered devices.

Procedure

  1. In the Workspace ONE Access console Identity & Access Management tab, go to Manage > Authentication Methods.
    1. In the Verify (Intelligent Hub) Configure row, click the pencil icon.
    2. Configure the Verify settings.
      Option Description
      Enable Verify (Intelligent Hub) Enable Verify authentication on the built-in identity provider on the service.
      MFA Action Timeout in Seconds Enter the time in seconds to wait for a response before the request expires. The timeout can be set from 30 and 90 seconds. The recommended time is 60 seconds.

      Make sure that the timeout setting is long enough to allow the user to enter the biometric identification.

      Enhanced Verification on Managed Devices Enable this to require users with managed devices to enter a biometric or passcode identifier, after Verify notification is approved, before they can access the restricted apps.
      Enhanced Verification on Registered Devices Enable this to require users with registered devices to enter a biometric or passcode identifier, after Verify notification is approved, before they can access the restricted apps.
      Enhanced Verification on Requests from Mobile Devices Enable this so that requests from sent from mobile devices require biometric or passcode identifier after the Verify notification is approved.
    3. ClickSave.
  2. Navigate to Manage > Identity Providers, and select the Built-in identity provider that you already configured.
    1. In the Authentication Methods section, select Verify (Intelligent Hub).
    2. Click Save.

What to do next

Create the access policy rules.

To use Verify (Intelligent Hub) authentication to access the Hub catalog from a web browser, you add an access policy rule to the default access policy. See Require Verify (Intelligent Hub) Authentication to Access Workspace ONE Hub Catalog (Cloud Only).

To use Verify (Intelligent Hub) authentication to access apps from mobile devices, you create an application-specific access policy, add the restricted apps names to the policy, and create a rule for each mobile device type. See Add Restricted Apps Access Policy to Authenticate with Verify (Intelligent Hub) (Cloud Only)