Mobile SSO works with apps that are accessed from the cloud. To enable one-touch access, use Security Assertion Markup Language (SAML) to authenticate a user between the identity provider and the service provider in the cloud. As long as the device accessing the app has a live Workspace ONE app connection, the user does not need to authenticate to use the app.

Workspace ONE offers mobile SSO for iOS and Android resources.

  • iOS - Uses a key distribution center (KDC) without the use of a connector or a third-party system. Kerberos authentication gives users who are successfully signed in to their domain access to their Workspace ONE apps portal without additional credential prompts.

  • Android - Uses certificate authentication and the VMware Tunnel mobile app. The VMware Tunnel client is configured to access the VMware Identity Manager service for authentication. The Tunnel client uses the client certificate to establish a mutually authenticated SSL session, and the VMware Identity Manager service retrieves the client certificate for authentication.