When you require two authentication methods to access the Hub catalog from a web browser, you add a rule to the Workspace ONE Access default access policy and configure the rule with two authentication methods. The Web Browser device rule is configured with Verify (Intelligent Hub) as the second authentication method.

When users attempt to access to the Hub catalog from a device, a Verify notification is sent to the users managed or registered mobile device for approval. After they approve the request on a designated device, they can access the Hub catalog from the originating device.



  1. In the Workspace ONE Access console, Resources > Policies page, click EDIT DEFAULT POLICY.
  2. On the Definition page, verify the default policy name and click Next.
    The Applies to section is left blank. All apps that are not restricted in another access policy are available in the Hub Catalog.
  3. On the Configuration page, click + ADD POLICY RULE.
    Option Description
    If a user's network range is Select the network range.
    and user accessing content from Select Web Browser as the device type.
    and user belongs to groups If this access rule is going to apply to specific groups, search for the groups in the search box.

    If no group is selected, the access policy rule applies to all users.

    Then perform this action Select Authenticate using....
    then the user may authenticate using Configure the authentication method order.
    1. Select the first authentication method.
    2. Click + and select Verify (Intelligent Hub) as the second authentication method.
    If the preceding method fails or is not applicable, then Configure fallback authentication methods.
    Re-authenticate after Select the length of the session, after which users must authenticate again.
  4. Click Save.
  5. On the Configuration page, review the authentication order. You can drag the rules rows to change the order that rules are applied.