When Compliance Check is enabled, you create an access policy rule that requires authentication and device compliance verification for devices managed by Workspace ONE UEM.

The compliance checking policy rule works in an authentication chain with Mobile SSO for iOS, Mobile SSO for Android, and Certificate cloud deployment. When configuring the rule, select the device authentication method to use before selecting Device Compliance in the rule.


Authentication methods configured and associated to a built-in identity provider.

Compliance checking enabled in the Workspace ONE Access Workspace ONE UEM page.


  1. In the Workspace ONE Access console Identity & Access Management tab, select Manage > Policies.
  2. Click Edit Default Policy.
  3. Click Next.
  4. Click Add Policy Rule to add a rule, or select a rule to edit.
    Option Description
    If a user's network range is Verify that the network range is correct. If adding a new rule, select the network range.
    and user accessing content from Select the mobile device type.
    and user belongs to groups If this access rule is going to apply to specific groups, search for the groups in the search box.

    If no group is selected, the access policy applies to all users.

    Then perform this action Select Authenticate using....
    then the user may authenticate using Select the mobile device authentication method to apply.

    Click + and in the drop-down menu select Device Compliance (with Workspace ONE UEM).

    If the preceding method fails or is not applicable, then Configure the fallback authentication method, if necessary.
    Re-authenticate after Select the length of the session, after which users must authenticate again.
  5. Click Save.