UEM Token – Workspace ONE Access

UEM Token – Workspace ONE Access Authentication Method

Issue:

When authentication mode is set to Access for Intelligent Hub and require registration token is enabled, the authentication is done by UEM and enrollment is completed. However, Access is unaware of this authentication, so Access won’t issue token to Hub. The user is prompted for username/password leading to duplicate authentication.

Solution:

The “UEM Token” authentication method allows customers to seamlessly change the source of authentication from Workspace ONE UEM to Workspace ONE Access for device enrollment of the Workspace ONE Intelligent Hub for iOS and Android.

The Intelligent Hub app coordinates between the connected Workspace ONE UEM and Workspace ONE Access to confirm the intended user and validity of the UEM enrollment token. This solves the problem of duplicate authentication and provides the most seamless transition for Workspace ONE UEM customers to Workspace ONE Access yet and does not impact existing enrolled devices.

Below is the VMware documentation link explaining in detail:

Enable UEM UEM Token Device Enrollment Authentication Method in Workspace ONE Access

Pre-Requirements

  1. Workspace ONE Access (Cloud-only)
  2. Workspace ONE UEM version 22.10 and later
  3. Intelligent Hub iOS or Android versions 22.6 or later

Configuration pre-reqs:

  1. Hub source of authentication set to Access at Customer OG
  2. Enrollment with registration configured
  3. Access will have UEM Token auth adapter enabled
  4. Access policy should use Device Enrollment

Configurations Needed

On Workspace ONE UEM Admin Console

Graphical user interface, application

Description automatically generated

On Workspace ONE Access Admin Console

Enable the “UEM Token” auth method and enable the auth method with the Identity Provider associated to the user directory.

Table

Description automatically generated

Graphical user interface, text, application, email

Description automatically generated

Edit the “Device Enrollment” policy rule in the “default_access_policy_set”.

In the “Device Enrollment” access policy rule, the UEM Token can be used as a single factor or in conjunction with a second factor such as password.

Graphical user interface

Description automatically generated

Written by

+ posts

Joined VMware in July 2015 as consultant and working in different BU over 6 years. Having experience in IT industry over 10 years with Masters degree in IT.

2 thoughts on “UEM Token – Workspace ONE Access

Leave a Reply

Your email address will not be published. Required fields are marked *.

*
*
You may use these <abbr title="HyperText Markup Language">HTML</abbr> tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

This site uses Akismet to reduce spam. Learn how your comment data is processed.

BCF Shop Theme By aThemeArt.
BACK TO TOP