For this lab, we will use the VMware Workspace ONE app to demonstrate the conditional access and Single Sign-On functions instead of a public third-party application such as the native Salesforce app.
Conditional access to corporate resources through Workspace ONE combines VMware AirWatch management capabilities with VMware Identity Manager™. Available across all platforms and device types, conditional access provides the intelligence necessary for comprehensive unified endpoint management. While VMware AirWatch automatically denies access to unmanaged devices, conditional access enables a more nuanced approach by allowing managed devices to access corporate resources if they report a healthy compliance status.
For this lab, several items, such as Identity Manager integration and Certificate Profiles, have been pre-configured for your Organization Group.
2. View Conditional Access Flow
We will now launch the Workspace ONE App to see how our access is affected when logging in from a device that is not enrolled.
2.1. Launch the Workspace ONE App
- Click the Windows button.
- Click the Workspace ONE app icon from the start menu.
2.2. Enter the Workspace ONE Server Address
- The server address "https://ws1user.vidmpreview.com" should already be set when the Workspace ONE app launches. If it is not, enter the value in the Server Address field.
- Click Next.
2.3. Enter Your Username for Workspace ONE
- Enter "aduser" for the username.
- Click Next.
2.4. Confirm Authentication Failure
The environment has been configured to use certificate authentication for the application. The certificate is installed on the device only after the device has been enrolled into AirWatch, which prevents unauthorized users from accessing the application's information. Because this device is not enrolled, it has no certificate to present and the login fails.
2.5. Close Workspace ONE
Close the Workspace ONE application by clicking on the "X" in the upper right corner.