You configure the built-in identity provider and associate it with the Mobile SSO for iOS authentication method that has been configured in the Workspace ONE Access console.

Prerequisites

Mobile SSO for iOS authentication is configured in Workspace ONE Access on the Authentication Methods page.

Procedure

  1. In the Workspace ONE Access console, select Identity & Access Management and, with the Manage page selected, click Identity Providers.
  2. Click Add Identity Provider, and select Create Built-in IDP.
    | Option | Description |
    | --- | --- |
    | Identity Provider Name | Enter the name for this built-in identity provider instance. |
    | Users | Select which users to authenticate. The configured directories are listed. |
    | Network | The existing network ranges configured in the service are listed. Select the network ranges for the users based on the IP addresses that you want to direct to this identity provider instance for authentication. |
    | Authentication Methods | The authentication methods that are configured on the service are displayed. Select the check box for the iOS authentication method to associate with this built-in identity provider. Add any other authentication methods. |

    For Device Compliance (with Workspace ONE UEM) and Password (for Workspace ONE UEM Connector), make sure that the option is enabled in the Workspace ONE UEM configuration page.

  3. In the KDC Certificate Export section, click Download Certificate. Save this certificate to a file that can be accessed from the Workspace ONE UEM console.
    You upload this certificate when you configure the iOS device profile in Workspace ONE UEM.
  4. Click Add.

What to do next

  • Configure the default access policy rule for Kerberos authentication for iOS devices. Make sure that this authentication method is the first method set up in the rule.
  • Go to the Workspace ONE UEM console, configure the iOS device profile, and add the KDC server certificate issuer certificate from Workspace ONE Access.