Mobile single sign-on (SSO) for Android is an implementation of the certificate authentication method for VMware Workspace ONE® UEM (Unified Endpoint Management) managed Android devices. Mobile single sign-on allows users to sign in to their device and securely access their VMware Workspace ONE® apps without reentering a password.

The VMware Tunnel™ mobile app is installed on the Android device to add certificates and device ID information into authentication flows. The Tunnel settings are configured to access the Workspace ONE Access service for authentication, and the Workspace ONE Access service retrieves the certificate from the device for authentication.

When implementing mobile SSO for Android with the VMware Workspace ONE Access service on premises, you configure the cert proxy service on the Workspace ONE Access service. After the cert proxy service is configured, you can configure certificate authentication in the Workspace ONE Access built-in identity provider from the Workspace ONE Access console.

When implementing mobile SSO for Android with the Workspace ONE Access service in the cloud, you can configure certificate authentication in the Workspace ONE Access built-in identity provider from the identity manager console. The cert proxy service is managed for you.