Mobile single sign-on lets users automatically sign on to selected mobile applications simply and securely.

The devices that are configured for mobile single sign-on (SSO) are iOS version, Android, and Windows 10.

iOS Single Sign-On Component Configuration

Mobile single sign-on for iOS uses the PKINIT Kerberos protocol for certificate transport, but does not require on premises infrastructure. A built-in Kerberos adapter is available in the identity manager service, which can handle iOS authentication without the need for device communication to your internal domain controller. In addition, AirWatch can distribute identity certificates to devices, eliminating the requirement to maintain an on-premises CA.

Supported Devices

  • iOS Version 9 and later

Android Single Sign-On Component Configuration

Workspace ONE offers universal Android mobile single sign-on. Mobile single sign-on allows users to sign in to enterprise applications securely, without the need for a password. The VMware Tunnel mobile application is installed on Android devices to add certificates and device ID information into authentication flows. This solution supports both classic Android management and Android for Work.

Supported Devices

  • Android 5 and later

  • Applications must support SAML or another supported federation standard

Mobile single sign-on authentication for Android devices can be configured to bypass the Tunnel server when VPN access is not required. For single sign-on, only the Tunnel mobile application is required.

Deploying the Workspace ONE application to all Android devices does not automatically deploy the application Android for Work containers. Android for Work is required to use the Workspace ONE application Adaptive Management feature. To add this application to Android for Work devices as well and for more detail on the additional options available as part of AirWatch MAM, review the VMware AirWatch Integration with Android for Work guide, available on AirWatch Resources.

Windows 10 Single Sign-On Component Configuration

Certificate-based SSO is the recommended experience for managed Windows desktops and laptops. Cert authentication is supported on all x86-based Windows installations.