To achieve the single sign-on experience when users access apps from the Intelligent Hub app or from their user portal in the browser, the default access policy is configured with rules for each type of device that is used in your environment, Android, iOS, and macOS.

Each device is enabled for single sign-on using the authentication method that is specific to that device. Device compliance is chained to the device authentication method to measure the health of the managed device, resulting in a pass or fail based on Workspace ONE UEM defined criteria.

In each rule, the fallback method is password. This setup provides the best experience to manage devices, while still providing a manual sign-in option for unmanaged devices.

In the Workspace ONE Access console Identity & Access Management tab, create a rule for each device type that can be used to access Workspace ONE.

This example is for the rule to allow access from the device type iOS.

  • Network range is ALL RANGES.
  • Users can access the content from iOS.
  • No groups are added to the policy rule. All Users are supported.
  • Configure all authentication methods that are supported.
    • Authenticate using Mobile SSO (for iOS) and Device Compliance (with Workspace ONE UEM).
  • Session reauthentication after 8 hours.