Mobile single sign-on (SSO) for Android is an implementation of the certificate authentication method for VMware Workspace ONE^® UEM (Unified Endpoint Management) managed Android devices. Mobile single sign-on allows users to sign in to their device and securely access the VMware Workspace ONE^® Intelligent Hub app without reentering a password.

The VMware Workspace ONE^® Tunnel™ mobile app is installed on the Android device to add certificates and device ID information into authentication flows. The Tunnel settings are configured to access the VMware Workspace ONE^® Access™ service for authentication, and the Workspace ONE Access service retrieves the certificate from the device for authentication.

When implementing mobile SSO for Android with the VMware Workspace ONE Access service on premises deployments, you configure the cert proxy service on the Workspace ONE Access service. After the cert proxy service is configured, you can configure certificate authentication in the Workspace ONE Access built-in identity provider from the Workspace ONE Access console. See Authentication Approval Flow Through Cert Proxy for Android Single Sign-On.

When implementing mobile SSO for Android with the Workspace ONE Access service in the cloud, you can configure certificate authentication in the Workspace ONE Access built-in identity provider from the Workspace ONE Access console. The cert proxy service is managed for you.