Mobile single sign-on (SSO) for Android is an implementation of the certificate authentication method for VMware Workspace ONE® UEM (Unified Endpoint Management) managed Android devices. Mobile single sign-on allows users to sign in to their device and securely access their VMware Workspace® ONE® apps without reentering a password.

The VMware Tunnel® mobile app is installed on the Android device to add certificates and device ID information into authentication flows. The Tunnel settings are configured to access the VMware Identity Manager service for authentication, and the VMware Identity Manager service retrieves the certificate from the device for authentication.

When implementing mobile SSO for Android with the VMware Identity Manager service on premises, you configure the cert proxy service on the VMware Identity Manager service. After the cert proxy service is configured, you can configure certificate authentication in the VMware Identity Manager built-in identity provider from the VMware Identity Manager console.

When implementing mobile SSO for Android with the VMware Identity Manager service in the cloud, you can configure certificate authentication in the VMware Identity Manager built-in identity provider from the identity manager console. The cert proxy service is managed for you.