Single sign on (SSO) allows end users to access Workspace ONE UEM apps, wrapped apps, and SDK-enabled apps without entering credentials for each application. Using the Workspace ONE Intelligent Hub or the AirWatch Container as a "broker application," end users authenticate once per session using their normal credentials or an SSO Passcode.

Enable SSO as part of the Security Policies that you configure to apply to all Workspace ONE UEM apps, wrapped apps, and SDK-enabled apps using a Default SDK Profile.


  1. Navigate to Groups & Settings > All Settings > Apps > Settings and Policies > Security Policies.
  2. Set Single Sign On to Enabled to allow end users to access all Workspace ONE UEM applications and maintain a persistent login.
  3. (Optional) Authentication Type to Passcode and set the Passcode Mode to either Numeric or Alphanumeric to require an SSO Passcode on the device. If you enable SSO but do not enable an Authentication Type, end users use their normal credentials (either directory service or Workspace ONE UEM account) to authenticate, and an SSO Passcode does not exist.


Once an end user authenticates with an application participating in SSO, a session establishes. The session is active until the Authentication Timeout defined in the SDK profile is reached or if the user manually locks the application.