UEM Token – Workspace ONE Access

UEM Token – Workspace ONE Access Authentication Method


When authentication mode is set to Access for Intelligent Hub and require registration token is enabled, the authentication is done by UEM and enrollment is completed. However, Access is unaware of this authentication, so Access won’t issue token to Hub. The user is prompted for username/password leading to duplicate authentication.


The “UEM Token” authentication method allows customers to seamlessly change the source of authentication from Workspace ONE UEM to Workspace ONE Access for device enrollment of the Workspace ONE Intelligent Hub for iOS and Android.

The Intelligent Hub app coordinates between the connected Workspace ONE UEM and Workspace ONE Access to confirm the intended user and validity of the UEM enrollment token. This solves the problem of duplicate authentication and provides the most seamless transition for Workspace ONE UEM customers to Workspace ONE Access yet and does not impact existing enrolled devices.

Below is the VMware documentation link explaining in detail:

Enable UEM Token Device Enrollment Authentication Method in Workspace ONE Access


  1. Workspace ONE Access (Cloud-only)
  2. Workspace ONE UEM version 22.10 and later
  3. Intelligent Hub iOS or Android versions 22.6 or later

Configuration pre-reqs:

  1. Hub source of authentication set to Access at Customer OG
  2. Enrollment with registration configured
  3. Access will have UEM Token auth adapter enabled
  4. Access policy should use Device Enrollment

Configurations Needed

On Workspace ONE UEM Admin Console

Graphical user interface, application

Description automatically generated

On Workspace ONE Access Admin Console

Enable the “UEM Token” auth method and enable the auth method with the Identity Provider associated to the user directory.


Description automatically generated

Graphical user interface, text, application, email

Description automatically generated

Edit the “Device Enrollment” policy rule in the “default_access_policy_set”.

In the “Device Enrollment” access policy rule, the UEM Token can be used as a single factor or in conjunction with a second factor such as password.

Graphical user interface

Description automatically generated

Written by
 | Website

Joined VMware in July 2015 as a consultant and worked in different BU over 7 years. Having experience in the IT industry of over 10 years with a Master's degree in IT.

4 thoughts on “UEM Token – Workspace ONE Access

  • mahfudz
    2022-11-14 at 04:44


    how can we implement single sign-on using workspace one web with the login page for the internal site? looks like i cant see the documentation for integration. Can help me?

  • Mohd
    2023-01-10 at 11:15

    I am facing same situation with on-premises UEM and Access, where users when they open the Hub (during enrollment), have to provide authentication from UEM and then asked to provide authentication from Access most likely for the Catalog. Is there any way to cancel any of these 2 authentications with on-prem setup?

Leave a Reply

Your email address will not be published. Required fields are marked *.

You may use these <abbr title="HyperText Markup Language">HTML</abbr> tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

This site uses Akismet to reduce spam. Learn how your comment data is processed.

BCF Shop Theme By aThemeArt.