You must edit the default policy rules to add the Android Mobile SSO authentication method you configured.

See Managing Access Policies in the Workspace ONE Access Managing User Authentication Methods guide to learn more about setting up policy rules on the Workspace ONE Access documentation page.


  1. In the Workspace ONE Access console Identity & Access Management tab, select Manage > Policies.
  2. Click Edit Default Policy and then click Next.
  3. Add a new policy rule, click Add Policy Rule.
    Option Description
    If a user's network range is Select the network range for this policy rule.
    and user accessing content from Select Android.
    and user belongs to groups If this access rule is going to apply to specific groups, search for the groups in the search box.

    If you do not select a group, the access policy applies to all users.

    Then perform this action Select Authenticate using....
    then the user may authenticate using Select Mobile SSO (for Android).
    If the preceding methods fails or is not applicable, then Configure additional fallback authentication methods.
    Re-authenticate after Select the length of the session, after which users must authenticate again.
  4. (Optional) In Advanced Properties, create a custom access denied error message that displays when user authentication fails. You can use up to 4000 characters, which are about 650 words. If you want to send users to another page, in the Custom Error Link URL text box, enter the URL link address. In the Custom Error Link text text box, enter the text to describe the custom error link. This text is the link. If you leave this text box blank, the word Continue displays as the link.
  5. Click Save.
  6. Drag and drop this rule before the Web Browser rule in the list of default access policy rules.
  7. Click Next to review the rules and then click Save.