Mobile single sign-on (SSO) for Android is an implementation of the certificate authentication method for Workspace ONE UEM managed Android devices. Mobile SSO allows users to sign in to their device and securely access their Workspace ONE apps without reentering a password.
The VMware Tunnel® mobile app is installed on the Android device to add certificate and device ID information into authentication flows. The Tunnel settings are configured in the Workspace ONE UEM console to access the VMware Identity Manager service for authentication, and the service retrieves the certificate from the device for authentication.
In the Workspace ONE UEM console, you also configure the following settings.
- Android VPN profile. This profile is used to enable the per app tunneling capabilities for Android.
- Enable VPN for each app that uses the app tunnel functionality from the Workspace ONE UEM console.
- Create network traffic rules with a list of all the apps that are configured for Per App VPN, the proxy server details, and the VMware Identity Manager URL.
When implementing mobile SSO for Android with the VMware Identity Manager service on premises, you configure the cert proxy service on the VMware Identity Manager machine. After the cert proxy service is configured, you can configure certificate authentication in the VMware Identity Manager built-in identity provider from the VMware Identity Manager console.
When implementing mobile SSO for Android with the VMware Identity Manager service in the cloud, you can configure certificate authentication in the VMware Identity Manager built-in identity provider from the VMware Identity Manager console. The cert proxy service is managed for you.
See the Android Mobile Single Sign-on to VMware Workspace One publication in the Workspace ONE Documentation Center for detailed information about setting up Android Mobile SSO.