  • Edwin de Bruin

VMware Verify (Intelligent HUB) is available within the Default Access Policy on all device platforms

Awesome:


VMware Verify (Intelligent HUB) is available within the Default Access Policy on all device platforms!



Little back story:


As stated in the following article:


Workspace ONE Access: VMware Verify End-of-Life Migration Paths (88424)

VMware Verify will reach end-of-support (EoS) and end-of-availability date (EoA) on October 31st, 2022.


This gave us some headaches... What are the alternatives? VMware Verify worked very well and gave us the basic features we requested… like PUSH functionality.


Of course we could move to a third-party solution like Azure MFA, DUO or MobilePass (which have served us well for many years now). But this would incur additional licensing in most cases, and we like to stay within the VMware Suite.

So two options:


The new authenticator App


· Authenticator App (any app supporting TOTP RFC 6238 standard)*: By adding support for authenticator apps that use time-based one-time passcodes (TOTP) such as Microsoft Authenticator, Google Authenticator, Okta Verify, Authy; customers can enable their users to configure their device for second-factor authentication, free of charge. This authentication method is currently available in preview and can be requested for early access now on the Workspace ONE Access EUC Beta portal.


I was able to test this solution. TOTP works very well with authenticator apps like Google Authenticator or its alternatives.


But… one major drawback… none of the push functionality we’re accustomed to…


Intelligent HUB Verify


· Verify (Intelligent Hub) is a multi-factor (MFA) authentication method integrated with the Workspace ONE Intelligent Hub app. Users will receive a push notification request to the Intelligent Hub app on their managed or registered device to approve their login. There is no further registration required once notification and app catalog are enabled, and this authentication method is configured within Workspace ONE Access policy rules.


This one seems to be the one we are looking for, because it supports push notifications.


So we are validating the Intelligent HUB Verify road. While testing this we ran into one big limitation.


Intelligent HUB Verify is not configurable on all device platforms within the default access policy.


At first this was not a problem, since we were only testing with the WEB platform. When introducing the use cases based on mobile platforms, we could not configure a fallback for these device types to Password + Verify (Intelligent Hub), so when a user tries to log in with a device like an unmanaged iOS device, he or she gets denied access.


After intensive contact between us and the VMware development team (in the end with me even sending a virtual flower bouquet, because my mail went a little bit on the blunt side), the limitation has been dropped and is rolling out to production!


Shall we commence the testing ladies and gentlemen?





























