Configure Access Policies in Workspace ONE Access

Now that we've created our Third Party IDP for AD FS in Workspace ONE Access, we need to use the Authentication Methods we created in our Access Policies to authenticate our domain users with our Third Party IDP authentication methods rather than using the default access policy rules for authenticating our domain users through the Password (AirWatch Connector) method.

1. Edit the Access Policy

  1. Click Identity & Access Management
  2. Click Policies
  3. Click the default_access_policy_set to edit it

2. Create A New Policy Rule for Domain Users

  1. Click the Configuration tab
  2. Click Add Policy Rule

2.1. Configure the Policy Rule

This policy rule will be used to allow our Domain Users (corp.local) to login by leveraging the AD FS authentication methods we setup earlier as part of our 3rd Party Identity Provider configuration.

  1. Select ALL RANGES for the network range
  2. Select All Device Types for the content origin
  3. Enter Domain Users into the user groups search field
  4. Click the Domain [email protected] result to select the group

2.2. Configure the Authentication Methods for the Policy Rule

  1. Scroll down to find the additional configuration options
  2. Select Authenticate using... as the action
  3. Set the 1st authentication method as Windows Authentication.
  4. Set the fallback authentication method as ADFS Password
  5. Click Save

This Policy Rule will first attempt to authenticate our users via Windows Authentication with AD FS.  Should that fail or be inapplicable, password authentication will be attempted.

2.3. Re-Order the Policy Rules

We need our policy rule that will handle AD FS authentication for our domain users to be processed first, otherwise our All Users policy that we configured for Password (Local Directory) will attempt to apply for our domain users instead of our intended policy.

  1. Click and drag the handle for the policy rule we just created for AD FS to the top of the list.  This
  2. Click Next.

3. Save the Updated Policy Rules

Click Save


Add your comment

E-Mail me when someone replies to this comment

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.