Protecting Workspace ONE Access with multi-factor authentication (MFA) is one of the most important steps in securing the environment. Workspace ONE Access supports multiple MFA options, such as:
- RADIUS MFA (direct integration)
- RSA SecurID (direct integration)
- VMware Verify (end of life October 31st, 2022) (direct integration)
- Any MFA integrated with an identity provider through SAML (indirect integration), for example SMS gateways integrated with ADFS, with ADFS integrated with WS1 Access as a SAML IdP
- Authenticator App (a built-in feature that doesn't require a third-party solution). Users use Intelligent Hub or a similar authenticator, such as the Microsoft or Google Authenticator apps, to enter a time-based one-time password (TOTP) passcode when logging in to Workspace ONE Access. This feature makes Workspace ONE Access an MFA solution in its own right.
This blog guides administrators through configuring the Authenticator App in Workspace ONE Access.
- Configure the authentication method
- Log in to the VMware Workspace ONE Access Manager administration console
- Navigate to the Integrations tab
- Click Authentication Methods on the left pane
- Select Authenticator App (by default it would be disabled)
- Click Configure
- Navigate to the Integrations tab
- Click Identity Providers on the left pane
- Select your Directory IDP/Built-in IDP
- Enable the Authenticator App
- Click Save
- Modify the Workspace ONE Access policy to include the Authenticator App
- Navigate to the Resources tab
- Click Policies on the left pane
- Select the Access policy
- Click Edit
- Click Next
- Select and configure the policy rules
- Click the plus sign to add an additional authentication method
- Click the drop-down
- Select Authenticator App from the drop-down
- Note: The policy configured will allow any user accessing from a web browser to authenticate first with a password and then with the Authenticator App
- Click Save
- Click Next
- Review and verify the details
- Click Save
Validation
- The user enters the directory credentials
- Click Sign in
- A first-time user is prompted to configure the Authenticator app
- Enter the code displayed on the Authenticator app
- Click Enter
Login Success
User Administration for Authenticator app
- Access the VMware Workspace ONE Access Manager administration console
- Navigate to the Accounts tab
- Click Users on the left
- Search for and select the user from the user list
- Click the Two-Factor Authentication tab
- Here you can check or reset the settings for the user
The Workspace ONE Access Authenticator App configuration for two-factor authentication is complete.