When External Access Token is configured as an authentication method, the authentication method is available in the built-in identity provider. You must associate this authentication method with a user directory in the built-in identity provider.


External Access Token enabled in the AirWatch configuration page.

External Access Token activated as an authentication method.


  1. In the Identity & Access Management tab, go to Manage > Identity Providers.
  2. Click the Built-in from the list view.




    The configured directories are listed. Select the users directories to use the external access token authentication method.


    The existing network ranges configured in the service are listed. Select the network ranges for the users based on the IP addresses that you want to direct to this identity provider instance for authentication.

    Authentication Methods

    The authentication methods that are configured on the service are displayed. Select the AirWatch External Access Token check box.

  3. Click Save.

What to do next

Configure the default access policy rule to list the External Access Token authentication method as the last fallback method in the rule. See Create Access Policy for Workspace ONE Out-of-Box Experience Process.

Go to the Catalog Settings page to create a custom branded welcome page and message for users who sign in to Workspace ONE as part of the Windows 10 out-of-box experience. See Workspace ONE for Windows 10 Custom Out-of-Box Branding.