To authenticate users with Workspace ONE UEM, Workspace ONE Access uses a certificate that is deployed in the UEM device profile and added to the device when the device is enrolled in Workspace ONE UEM mobile device management (MDM). Users can either download the VMware Hub app from the Apple app store or administrators can configure Workspace ONE UEM to push the Hub app as a managed application to devices.

When users first enroll their device through the Safari browser or by installing Hub and then enrolling the device, they enter their corporate credentials to self-activate their device. This process adds the Workspace ONE UEM certificate to their device. The Workspace ONE Access service uses this certificate to authenticate users with Workspace ONE UEM. Users can securely access the VMware Workspace ONE Intelligent Hub app from Safari and use the springboard to launch native apps without re-entering a password.

Using Workspace ONE Intelligent Hub App to Enroll Device and Deploy the Certificate

The Hub-based enrollment process secures a connection between iOS devices and your Workspace ONE UEM environment through the Hub app. The Hub app facilitates the enrollment and then allows for real-time management and access to device information.

The following outlines the user experience when they download and install the Hub app.

  1. Users install the Hub app on their device and the device is enrolled for mobile device management.
  2. The device profile with the certificate is downloaded to the device.
  3. Users can sign in to the Workspace ONE Intelligent Hub apps, to native apps, or to a browser without having to enter their password.

See the VMware Workspace ONE UEM Introduction to Managing iOS Devices guide for options about enrolling iOS devices.