In the built-in identity provider, configure the users, network ranges, and authentication methods that users use for single sign-on to their apps portal.

A built-in identity provider is automatically created when you set up a directory in the Directory Sync service and selected to set up the password authentication method for the directory. If you did not select to set up password authentication, you can create the built-in identity provider.


To configure the built-in identity provider, make sure that the following are set up.

  • Users and groups located in an enterprise directory synced to the Workspace ONE Access directory.
  • Network ranges created in the Policies > Network Ranges page.
  • The authentication methods to be used in the built-in identity provider configured.


  1. In the Workspace ONE Access console Identity & Access Management tab, go to Manage > Identity Providers.
  2. Select the identity provider labeled Built-in and configure the identity provider details.
    Option Description
    Identity Provider Name Enter the name for this built-in identity provider instance.
    Users Select the directory of the users to authentication from the list of configured directories. Only one directory can be selected.
    Connector Authentication Methods After you select a directory, the User Auth service authentication methods that are associated with that directory display. Select the methods to associate to this identity provider.
    Authentication Methods The authentication methods that are configured in the Identity & Access Management Manage > Authentication Methods page are displayed. Select the check box for the authentication methods to associate to the identity provider.

    For Device Compliance (with Workspace ONE UEM) and Password (AirWatch Connector), make sure that the option is enabled in the Workspace ONE UEM configuration page.

    Network The existing network ranges configured in the service are listed. Select the network ranges for the users based on the IP addresses that you want to direct to this identity provider instance for authentication.
    KDC Certificate Export When the Mobile SSO (iOS) authentication method associated with the built-in identity provider, you download the KDC certificate.
  3. Click Add.

What to do next

Make sure that all authentication methods are associated with an access policy rule.