The Identity and Access Management tab in the Workspace ONE Access console is where you set up and manage authentication methods, access policies, and the directory service, and where you integrate with Workspace ONE UEM.

The following is a description of the setup settings in the Identity and Access Management tab.

Table 1. Identity and Access Management Set Up Settings
Setting Description

Setup > Connectors

The Connectors page lists the connectors that are deployed inside your enterprise network. The Workspace ONE Access connector is an on-premises component of Workspace ONE Access that integrates with your on-premises infrastructure.

The following enterprise services can be installed on a connector.

  • Directory Sync service that syncs users from Active Directory or LDAP directories to the Workspace ONE Access service.
  • User Auth service that provides connector-based authentication methods, including Password (cloud deployment), RSA SecurID (cloud deployment), and RADIUS (cloud deployment).
  • Kerberos Auth service that provides Kerberos authentication for internal users.

Setup > Custom Branding

In the Custom Branding page, you can customize the appearance of the Workspace ONE Access console header and sign-in screen.

Note: You customize the look and add a logo that displays in the Workspace ONE Intelligent Hub app or Hub portal view from the Hub Services console, Branding page.

Setup > User Attributes

The User Attributes page lists the default user attributes that sync in the directory. You can add other attributes that you can map to Active Directory attributes. See the Directory Integration with VMware Workspace ONE Access guide.

Setup > Auto Discovery

For on-premises deployments, when Workspace ONE Access and Workspace ONE UEM are integrated, you can integrate the Windows Autodiscovery service that you deployed in your Workspace ONE UEM configuration with the Workspace ONE Access service. For more details about setting up auto discovery in Workspace ONE UEM in on-premises deployments, see the Auto discovery Service Installation Guide in the Workspace ONE UEM documentation.

For cloud deployments, you can register your email domain to use the auto-discovery service to make it easier for users to access their apps portal using Workspace ONE Intelligent Hub. End users can enter their email addresses instead of the organization's URL when they access their apps portal through Workspace ONE Intelligent Hub.

Setup > Okta

On this page, you can enter your Okta tenant information to connect Workspace ONE Access to the Okta tenant and retrieve apps from Okta. See Integrating VMware Workspace ONE with Okta for configuration information.

Setup > VMware Workspace ONE UEM

On this page, you can set up integration with Workspace ONE UEM. You can enable the catalog settings with UEM, enable the compliance check to verify that managed devices adhere to Workspace ONE UEM compliance policies, and enable user password authentication through the AirWatch Cloud Connector (ACC). See the Guide to Deploying VMware Workspace ONE with Workspace ONE Access on the Workspace ONE Documentation page.

Setup > Preferences

The Preferences page displays features that the admin can enable. This page includes the following preferences.

  • Enable Show the System Domain on Login Page.
  • Enable persistent cookies. The persistent cookie stores users' sign-in session details so that users do not need to reenter their user credentials when accessing their managed resources from their iOS or Android mobile devices. See the Managing User Authentication Methods guide.
  • Enable Hide Domain Drop-Down Menu when you do not want to require users to select their domain before they log in.
  • Select the User Sign-in Unique Identifier option to display the identifier-based login page. See Managing the User Login Experience in Workspace ONE Access.
  • Use Customize the Sign-in Input Prompt to customize the prompt in the user text box on the sign-in screen.
  • Enable Sync Group Members to the Directory when Adding Groups to sync the members in the groups from Active Directory. When this is disabled, names are synced, but members of the group are not.
  • Enable User Sign-in Unique Identifier to hide the domain request page.

Setup > Terms of Use

On this page, you can set up Workspace ONE terms of use and ensure that end users accept these terms of use before using the Workspace ONE Intelligent Hub portal.

The following is a description of the settings to use to manage the services in the Identity and Access Management tab.

Table 2. Identity and Access Management Manage Settings
Setting Description
Manage > Directories

The Directories page lists directories that you created. You create one or more directories and then sync those directories with your enterprise directory deployment. On this page, you can see the number of groups and users that are synced to the directory and the last sync time. You can click Sync Now to start the directory sync.

When you click a directory name, you can edit the sync settings, navigate to the Identity Providers page, and view the sync log.

From the directories sync settings page, you can manage the following.

  • Schedule the sync frequency.
  • View the list of domains associated with this directory.
  • Change the mapped attributes list.
  • Update the user and groups list that syncs.
  • Set the safeguard targets.

See the Directory Integration with VMware Workspace ONE Access guide.

Manage > Identity Providers

You can configure and manage the following identity provider types on this page.

  • Workspace ONE Access identity provider for Kerberos authentication
  • Built-in identity provider for User Auth authentication methods and authentication methods managed by Workspace ONE Access
  • Third-party identity providers

See the Managing Workspace ONE Access User Authentication Methods guide.

Manage > Password Recovery Assistant

On the Password Recovery Assistant page, you can change the default behavior when the end user clicks "Forgot password" on the sign-in screen.

Manage > Authentication Methods

The Authentication Methods page is used to configure cloud authentication methods associated with the Workspace ONE Access service. These authentication methods are then associated with the built-in identity providers. See Managing Authentication Methods for Identity Providers for configuration information.

Manage > Policies

The Policies page lists the default access policy and any other Web application access policies you created. You also configure the network ranges to use from this page.

Policies are a set of rules that specify criteria that must be met for users to access their Workspace ONE Intelligent Hub portal or to launch Web applications that are enabled for them. You can edit the default policy. If Web applications are added to the catalog, you can add new policies to manage access to these Web applications. See Managing Access Policies for more information about access policies.

Manage > Enterprise Authentication Methods

The User Auth service and Kerberos Auth service authentication methods are configured and managed from this page. See Managing User Authentication Methods in VMware Workspace ONE Access.