UEM Token – Workspace ONE Access
UEM Token – Workspace ONE Access Authentication Method
When the Intelligent Hub authentication mode is set to Access and “require registration token” is enabled, UEM performs the authentication and enrollment is completed. However, Access is unaware of this authentication, so it does not issue a token to Hub. The user is then prompted for a username and password, which results in duplicate authentication.
The “UEM Token” authentication method allows customers to seamlessly change the source of authentication from Workspace ONE UEM to Workspace ONE Access for device enrollment of the Workspace ONE Intelligent Hub for iOS and Android.
The Intelligent Hub app coordinates between the connected Workspace ONE UEM and Workspace ONE Access to confirm the intended user and the validity of the UEM enrollment token. This solves the problem of duplicate authentication and provides the most seamless transition yet for Workspace ONE UEM customers moving to Workspace ONE Access, without impacting existing enrolled devices.
Below is the VMware documentation link explaining in detail:
- Workspace ONE Access (Cloud-only)
- Workspace ONE UEM version 22.10 and later
- Intelligent Hub iOS or Android versions 22.6 or later
- Hub source of authentication set to Access at Customer OG
- Enrollment with registration configured
- Access will have UEM Token auth adapter enabled
- Access policy should use Device Enrollment
On Workspace ONE UEM Admin Console
On Workspace ONE Access Admin Console
Enable the “UEM Token” auth method, then enable it on the Identity Provider associated with the user directory.
Edit the “Device Enrollment” policy rule in the “default_access_policy_set”.
In the “Device Enrollment” access policy rule, the UEM Token can be used as a single factor or in conjunction with a second factor such as a password.