You can enable single sign on for applications including XR Hub and 3rd party apps to run on your VR headsets.
SSO for native Android applications with Workspace ONE XR Hub requires that a device is either a dedicated device or a shared device that has been checked out to a user. There are several steps to setting up SSO for native Android applications with Workspace ONE XR Hub.
Note: Please ensure that your organization has Implemented Mobile Single Sign-On Authentication for Workspace ONE UEM Managed Android Devices before proceeding with the following steps.
Log in to the Workspace One Access Admin Console as your tenant admin.
Navigate to Resources > Policies.
Add the Workspace ONE Tunnel (Tunnel) client to Workspace ONE UEM to provide mobile SSO capabilities to XR Hub enrollment. After upload, Tunnel can then be assigned to a group of users or devices (smart groups). Additional deployment assignments can be added in the future by Selecting Add Assignment.
In the Distribution tab, enter the following information:
|Name||Enter an assignment name for the deployment assignment.|
|Description||Enter the assignment description.|
|Assignment Groups||Enter the smart group name(s) for your VR headsets to receive the deployment.|
|Deployment Begins On||For a typical as-soon-as-enrolled deployment choose the current date/time.|
|App Delivery Method||For a typical as-soon-as-enrolled deployment choose Automatic.|
In the Restrictions tab, enable the Managed Access slider.
Configure the following settings.
Port - 8443 or the appropriate port if Per App VPN is being used.
Configure Connection Info with the following settings.
|Connection Type||Accept “Default - Workspace ONE Tunnel”|
|Connection Name||Accept the Default or it can be changed per your preferences.|
|Server||Accept the Default.|
|Device Traffic Rules||Select the rules that have been created if using Per App VPN.|
Select Custom Settings and Select ADD.
Copy and paste the following XML into the custom settings field to enable the Tunnel App to start without confirmation.
<characteristic type="com.airwatch.android.androidwork.app:com.airwatch.tunnel" uuid="PASTE YOUR UUID HERE"> <parm name="DisplayPrivacyDialog" value="false" type="boolean" /> <parm name="DisplayWelcomeScreen" value="false" type="boolean" /> <parm name="FilterDiagnosticsView" value="true" type="boolean" /> </characteristic>
Configure the following settings:
a. Under Device Traffic Rule Sets Select Edit and Select Default.
b. For Application, All Other Apps, change the Action to “BYPASS”.
c. Select Add Rule.
|Application||Select the application(s) for which to enable SSO|
|Action||Change the setting to PROXY.|
|Web Proxy||Enter the web proxy address:
|Destination||Enter the FDQN of the Workspace ONE Access server with a wildcard asterisk. For example:
d. Select Save, OK and then Close.
With Workspace ONE Tunnel deployed and configured on your VR devices, you can now take advantage of not just Mobile SSO but also per-app VPN. This capability provides specific application secure access into the corporate network from outside.
Per App VPN requires the installation and configuration of one or more VMware Unified Access Gateways (UAG). Refer to the Introduction to VMware Tunnel documentation for steps on how to setup the UAG appliance and configuring the Tunnel service. These steps are not needed if simply using the Workspace ONE Tunnel client for Mobile SSO.