With Workspace ONE, you can easily control access to your catalog and applications. With VMware Identity Manager, you can configure authentication methods, identity provider instances, default access policy rules, and network ranges.

Every time a user attempts to log in, VMware Identity Manager evaluates the default access policy rules that you have set to determine which rules must be applied. Authentication methods are always applied in the order in which they are listed within the rule. The first identity provider instance that meets the authentication method and network range requirements of the rule is applied. The user authentication request is then forwarded to that identity provider instance for authentication. If the authentication fails, the next configured authentication method in the rule is applied.
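The evaluation order described above can be modeled in a few lines to audit which methods a login can fall through to. This is an added example, not VMware code: the `IdP` and `Rule` classes, the method names, and the sample configuration are constructed, and it assumes that the first rule whose network range contains the client address is the one applied.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class IdP:               # hypothetical model of an identity provider instance
    name: str
    methods: set         # authentication methods this instance offers
    ranges: list         # network ranges (CIDR) it serves

@dataclass
class Rule:              # hypothetical model of one access policy rule
    ranges: list         # network ranges the rule applies to
    methods: list        # authentication methods, in the order listed

def in_ranges(ip, cidrs):
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(c) for c in cidrs)

def fallback_chain(ip, rules, idps):
    """Ordered (method, idp name) pairs a login from `ip` can fall through."""
    # Assumption: the first rule whose network range contains the client applies.
    rule = next((r for r in rules if in_ranges(ip, r.ranges)), None)
    chain = []
    for method in (rule.methods if rule else []):
        # First identity provider instance meeting method and network range.
        idp = next((i for i in idps
                    if method in i.methods and in_ranges(ip, i.ranges)), None)
        if idp:
            chain.append((method, idp.name))
    return chain

def authenticate(ip, rules, idps, passes):
    """Walk the chain; passes(method) models whether the user satisfies it."""
    trace = []
    for method, idp in fallback_chain(ip, rules, idps):
        ok = passes(method)
        trace.append((method, idp, "success" if ok else "failed"))
        if ok:
            return (method, idp), trace
    return None, trace

# Constructed sample configuration (not taken from any real tenant).
IDPS = [IdP("corp-idp", {"certificate", "password"}, ["10.0.0.0/8"]),
        IdP("built-in", {"otp", "password"}, ["0.0.0.0/0"])]
RULES = [Rule(["10.0.0.0/8"], ["certificate", "password"]),
         Rule(["0.0.0.0/0"], ["otp", "password"])]

if __name__ == "__main__":
    for ip in ("10.1.2.3", "203.0.113.7"):
        print(ip, fallback_chain(ip, RULES, IDPS))
        print("  ", authenticate(ip, RULES, IDPS, lambda m: m == "password"))
```

Because a failed method hands off to the next one in the rule, the last entry in each chain is the effective minimum requirement for that network range and is the one to review first.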

As an administrator, if you click Access Management without configuring the integration between VMware Identity Manager and Workspace ONE UEM, you are prompted to complete the configuration.

Click Configure to initiate the configuration. The Access Management screen allows you to configure the Authentication Methods, Identity Providers, and Access Policies in VMware Identity Manager.
  1. Click Authentication Methods to configure user authentication in VMware Identity Manager. For more information, see Managing Authentication Methods to Apply to Users in https://docs.vmware.com/en/VMware-Identity-Manager/index.html.
  2. Click Identity Providers to associate the authentication methods to use in the built-in identity provider. For more information, see Using Built-in Identity Providers in https://docs.vmware.com/en/VMware-Identity-Manager/index.html.
  3. Click Access Policies to provide secure access to the users' apps portal and to start Web and desktop applications. For more information, see Managing Access Policies in https://docs.vmware.com/en/VMware-Identity-Manager/index.html.

    Note: Workspace ONE UEM and VMware Identity Manager use a password-grant workflow that allows access to VMware Identity Manager from Workspace ONE UEM with single sign-on (SSO).

Single Sign-On to VMware Identity Manager from Workspace ONE UEM

Workspace ONE UEM and VMware Identity Manager use a password-grant workflow that allows access to VMware Identity Manager from Workspace ONE UEM with single sign-on (SSO).

The configuration settings are in VMware Identity Manager and not in Workspace ONE UEM. The exception to this process is configurations made in SaaS applications and access policies.

Requirements

The admin must have administrative roles in both Workspace ONE UEM and VMware Identity Manager.

Workflow

VMware Identity Manager and Workspace ONE UEM work in the back end to authenticate the Workspace ONE UEM admin to VMware Identity Manager. Admins authenticate to Workspace ONE UEM with their usernames and passwords. The username and password trigger a request for an access token from VMware. After SSO is established, all configurations made in Workspace ONE UEM are stored in VMware Identity Manager.