To establish the Workspace ONE out-of-box experience (OOBE) after the External Access Token is enabled and added to the built-in identity provider, you must add the External Access Token authentication method to the default access policy set.

Procedure

  1. In the administration console Identity & Access Management tab, select Manage > Policies.
  2. Click Edit Default Policy and then click Next.
  3. Select the row that lists the Workspace ONE App in the Device Type column.

    If the Workspace ONE App rule is not listed, click Add Policy Rule.

  4. Select the authentication methods to use to access content from the Workspace ONE application.

    List the External Access Token authentication method as the last fallback method in the rule. When the External Access Token is detected in the authentication request, the authentication method is honored. Any other authentication methods listed after the External Access Token are not detected.

  5. Click Next to review the configuration.
  6. Click Save.
    Figure 1.
  7. On the Configuration page, review the order of the rules in the rules list. If the Workspace ONE app rule is not the first rule in the default access policy list, drag the rule to be the first row in the list.

    Workspace ONE App must be the first rule in the default access policy rules list.

  8. Click Next.
  9. Review the Summary page and click Save.