Users are identified uniquely by both their user name and domain when they log in to Workspace ONE Access. The default experience for users who log in to the Hub portal from Workspace ONE Access is to select the domain to which they belong on the first login page that displays.

Because users select their domain first, users that have the same user name but in different domains can log in successfully. For example, you can have a user Jane in domain and another user Jane in domain

Workspace ONE Access displays the authentication page based on the access policy rules configured for that domain.

Note: Users are not prompted to select a domain when authentication methods based on certificate authentication are configured. The authentication methods include Mobile SSO (iOS), Mobile SSO (Android), and Certificate (Cloud Deployment).

You can configure the following login settings on the Settings > Login Preferences page.

Setting Description

Show system domain on login page

This setting is enabled by default. Users are presented with the domain drop-down selection menu that lists all Active Directory domains integrated with the Workspace ONE Access server and the local System Domain directory.

If you deselect the Show the system domain on login page setting, the System Domain entry is removed from the domain drop-down menu.

Hide "Change to a different domain" link on login page

Enable this setting to hide the link Change to a different domain, if you only have one directory and the System Domain is hidden on the login page.

Use email address to sign in to Intelligent Hub

Enable this setting to let users who sign in, enter their email address from the Workspace ONE Intelligent Hub app.

Enable persistent cookies for user sessions

Enable this setting to provide single sign-on between browsers and native apps when users are using Safari View Controller on iOS devices or Chrome Custom Tabs on Android devices to log in.

The cookie timeout is configured in the access policy rules. See Enabling Persistent Cookie in Workspace ONE Access for Mobile Devices.

Sync group members to the directory when adding group

Enable this setting to sync the members of the group when the group is added from Active Directory. If Sync group members to the directory when adding group is not enabled, the group name is synced to the directory when the group is added, but members of the group are not synced until the group is entitled to an app or the group name is added to an access policy.

URL address for rendering VMware Workspace ONE Access login pages in iFrame

When an iframe is used to display apps that require authentication from Workspace ONE Access, add the trusted URL addresses that can display the Workspace ONE Access login pages.

Cache passwords

Enable this setting to provide a single sign on experience for users running Horizon, Horizon Cloud, and Citrix virtual apps from the Hub catalog. See Configuring Password Caching for Virtual Apps.

Customize sign-in prompt

You can create a custom sign-in prompt that displays in the user text box on the Workspace ONE Access sign-in page.
User Sign-in Unique Identifier

When users use a user name and password authentication method to log in from Workspace ONE Access, you can configure the sign-in unique identifier option to display the identifier-based login pages.