You configure the built-in identity provider and associate it with the Mobile SSO for iOS authentication method that is configured on the Manage > Authentication Methods page of the Identity & Access Management tab.

Prerequisites

Mobile SSO (for iOS) authentication configured in the Authentication Methods page.

Procedure

  1. In the Workspace ONE Access console Identity & Access Management tab, go to Manage > Identity Providers.
  2. Click Add Identity Provider, and select Create Built-in IDP.
    Option: Description
    Identity Provider Name: Enter the name for this built-in identity provider instance.
    Users: Select which users to authenticate. The configured directories are listed.
    Network: The existing network ranges configured in the service are listed. Select the network ranges for the users based on the IP addresses that you want to direct to this identity provider instance for authentication.
    Authentication Methods: The authentication methods that are configured on the service are displayed. Select the check box for the iOS authentication method to associate with this built-in identity provider. Add any other authentication methods.

    For Device Compliance (with Workspace ONE UEM) and Password (Workspace ONE UEM Connector), make sure that the option is enabled in the Workspace ONE UEM configuration page.

  3. In the KDC Certificate Export section, click Download Certificate. Save this certificate to a file that can be accessed from the Workspace ONE UEM admin console.
    You upload this certificate when you configure the iOS device profile in Workspace ONE UEM.
  4. Click Add.

What to do next

  • Configure the default access policy rule for Kerberos authentication for iOS devices. Make sure that this authentication method is the first method set up in the rule.
  • Go to the Workspace ONE UEM console, configure the iOS device profile, and add the KDC server certificate issuer certificate from Workspace ONE Access.