The Identity and Access Management tab in the Workspace ONE Access console is where you can set up and manage the authentication methods, access policies, directory service, and integrate with Workspace ONE UEM.
The following is a description of the setup settings in the Identity and Access Management tab.
Setup > Connectors
The Connectors page lists the connectors that are deployed inside your enterprise network. The Workspace ONE Access connector is an on-premises component of Workspace ONE Access that integrates with your on-premises infrastructure.
The following enterprise services can be installed on a connector.
|Setup > Custom Branding||In the Custom Branding page, you can customize the appearance of the Workspace ONE Access console header and sign-in screen.
Note: You customize the look and add a logo that displays in the Workspace ONE Intelligent Hub app or Hub portal view from the Hub Services console, Branding page.
|Setup > User Attributes||The User Attributes page lists the default user attributes that sync in the directory. You can add other attributes that you can map to Active Directory attributes. See the Directory Integration with VMware Workspace ONE Access guide.|
|Setup > Auto Discovery||
For on-premises deployment, when Workspace ONE Access and Workspace ONE UEM are integrated, you can integrate the Windows Autodiscovery service that you deployed in your Workspace ONE UEM configuration with the Workspace ONE Access service. For more details about setting up auto discovery in Workspace ONE UEM in on-premises deployments, see the Workspace ONE UEM documentation Auto discovery Service Installation Guide.
For cloud deployments, you can register your email domain to use the auto-discovery service to make it easier for users to access their apps portal using Workspace ONE Intelligent Hub. End users can enter their email addresses instead of the organization's URL when they access their apps portal through Workspace ONE Intelligent Hub.
|Setup > Okta||On this page, you can enter your Okta tenant information to connect Workspace ONE Access to the Okta tenant and retrieve apps from Okta. See Integrating VMware Workspace ONE with Okta for configuration information.|
|Setup > VMware Workspace ONE UEM||On this page, you can set up integration with Workspace ONE UEM. You can enable the catalog settings with UEM, enable compliance check to verify that managed devices adhere to Workspace ONE UEM compliance policies, and enable user password authentication through the AirWatch Cloud Connector (ACC). See Guide to Deploying VMware Workspace ONE with Workspace ONE Access guide on the Workspace ONE Documentation page.|
|Setup > Preferences||The Preferences page displays features that the admin can enable. This page includes the following preferences.
The following is a description of the settings to use to manage the services in the Identity and Access Management tab.
|Manage > Directories||
The Directories page lists directories that you created. You create one or more directories and then sync those directories with your enterprise directory deployment. On this page, you can see the number of groups and users that are synced to the directory and the last sync time. You can click Sync Now, to start the directory sync.
When you click a directory name, you can edit the sync settings, navigate the Identity Providers page, and view the sync log.
From the directories sync settings page, you can manage the following.
See the Directory Integration with VMware Workspace ONE Access guide.
|Manage > Identity Providers||You can configure and manage the following identity provider types on this page.
See the Managing Workspace ONE Access User Authentication Methods guide.
|Manage > Password Recovery Assistant||On the Password Recovery Assistant page, you can change the default behavior when "Forgot password" is clicked in the sign-in screen by the end user.|
|Manage > Authentication Methods||The Authentication Methods page is used to configure cloud authentication methods associated to the Workspace ONE Access service. These authentication methods are then associated with the built-in identity providers. See Managing Authentication Methods for Identity Providers for configuration information.|
|Manage > Policies||
The Policies page lists the default access policy and any other Web application access policies you created. You also configure the network ranges to use from this page.
Policies are a set of rules that specify criteria that must be met for users to access their Workspace ONE Intelligent Hub portal or to launch Web applications that are enabled for them. You can edit the default policy. If Web applications are added to the catalog, you can add new policies to manage access to these Web applications. See Managing Access Policies for more information about access policies.
|Manage > Enterprise Authentication Methods||The User Auth service and Kerberos Auth service authentication methods are configured and managed from this page. See Managing User Authentication Methods in VMware Workspace ONE Access.|