Configure the built-in identity provider and associate with it the Mobile SSO for iOS authentication method that you configured on the Manage > Auth Methods page of the Identity & Access Management tab.

Prerequisites

Mobile SSO (for iOS) authentication configured in the Authentication Methods page.

Procedure

  1. In the Identity & Access Management tab, go to Manage > Identity Providers.
  2. Click Add Identity Provider, and select Create Built-in IDP.

    Identity Provider Name: Enter the name for this built-in identity provider instance.

    Users: Select which users to authenticate. The configured directories are listed.

    Network: The existing network ranges configured in the service are listed. Select the network ranges for the users based on the IP addresses that you want to direct to this identity provider instance for authentication.

    Authentication Methods: The authentication methods that are configured on the service are displayed. Select the check box for the iOS authentication method to associate it with this built-in identity provider. Add any other authentication methods. For Device Compliance (with Workspace ONE UEM) and Password (Workspace ONE UEM Connector), make sure that the option is enabled in the Workspace ONE UEM configuration page.

  3. In the KDC Certificate Export section, click Download Certificate. Save this certificate to a file that can be accessed from the Workspace ONE UEM console.

    You upload this certificate when you configure the iOS device profile in Workspace ONE UEM.

  4. Click Add.
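
Before the certificate saved in step 3 is uploaded to Workspace ONE UEM, it is worth confirming that the file is a readable X.509 certificate that is not close to expiry, and recording its SHA-256 fingerprint so the uploaded copy can be matched to the exported one. The following is an added example, not part of the original procedure or of any VMware tooling; it assumes OpenSSL is installed, and the function names, the file name in the usage comment, and the 30-day default are illustrative choices.

```shell
#!/bin/sh
# Added example: sanity-check the exported KDC certificate before upload.
# Assumption: the file may be PEM or DER encoded, so both are tried.

# Print the certificate as PEM on stdout; fails if FILE is not a certificate.
kdc_cert_pem() {
    openssl x509 -in "$1" -inform PEM -outform PEM 2>/dev/null ||
    openssl x509 -in "$1" -inform DER -outform PEM 2>/dev/null
}

# check_kdc_cert FILE [MIN_DAYS]
# Prints subject, issuer, validity dates and SHA-256 fingerprint.
# Returns 0 if the certificate stays valid for at least MIN_DAYS more days
# (default 30), 1 if FILE is not a certificate, 2 if it expires sooner.
check_kdc_cert() {
    file=$1
    min_days=${2:-30}
    pem=$(kdc_cert_pem "$file") || {
        echo "not an X.509 certificate: $file" >&2
        return 1
    }
    printf '%s\n' "$pem" |
        openssl x509 -noout -subject -issuer -dates -fingerprint -sha256
    if ! printf '%s\n' "$pem" |
        openssl x509 -noout -checkend $((min_days * 86400)) >/dev/null; then
        echo "certificate expires within $min_days days: $file" >&2
        return 2
    fi
}

# kdc_cert_fingerprint FILE
# Prints only the SHA-256 fingerprint, so two copies of the certificate
# (for example the export and the file staged for upload) can be compared.
kdc_cert_fingerprint() {
    kdc_cert_pem "$1" | openssl x509 -noout -fingerprint -sha256 | cut -d= -f2
}

# Usage (hypothetical file name):
#   check_kdc_cert ./kdc-cert.cer 60 && kdc_cert_fingerprint ./kdc-cert.cer
```
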

What to do next

  • Configure the default access policy rule for Kerberos authentication for iOS devices. Make sure that this authentication method is the first method set up in the rule.

  • Go to the Workspace ONE UEM console, configure the iOS device profile, and add the KDC server certificate issuer certificate from VMware Identity Manager.