Multi-Factor Authentication (VMware Verify)

This lab will be demonstrate how best to use multi-factor authentication to secure access the WorkspaceONE portal as well as various service providers

In this lab we will cover how to setup VMware Verify and then authenticate using a soft token.

Part 1: VMware Verify 

Part 1: VMware Verify

  1. On the ConrolCenter2,
    1. Open Chrome and navigate to or select on the Access bookmark
    2. Select System Domain from the dropdown and
    3. Select Next.
  1. Authenticate using
    1. Username: admin
    2. Password: VMware1!
    3. Select Sign in
  1. In the Workspace ONE Access administration console
    • Select on Identity & Access Management,
    • Select on Authentication Methods
  1. Under Authentication Methods
    • Select the pencil icon next to VMware Verify in the Authentication Methods page
  1. In the VMware Verify window
  • Select the check box next to enable VMware Verify and then paste the following Security Token


  • Select Save at the bottom of the page
  1. In the Workspace ONE Access Console
    • Navigate to Identity Provides at the top navigation tab.
    • Select Built-in
  1. In the Built-in Identity Providers window
    • Scroll down to the middle of the page until you see Authentication Methods,
    • Select the checkbox next to VMware Verify
    • Select Save at the bottom of the page
  1. We will add VMware verify to an access policy now
    • In the Workspace ONE Access console
      • Select  Policies
      • Select ADD POLICY
  1. On the New Access Policy Page
    • Policy Name: Demo App
    • Applies to: select the SAML Demo App from the drop down
  • Select NEXT
  1. In the Configuration section
    • Select ADD POLICY RULE
  1. In the Add Policy Rule windows select the following, next to:
    • and user accessing content from: Web Browser
    • then user may authenticate using (select from drop down): Password (Cloud deployment)
    • To  the right of Password (Cloud deployment) , select the "+" and from the dropdown, select  VMware Verify
    • Select SAVE at the bottom of the screen
      • (leave the other settings as default)
  1. Back in the New Access Policy page
    • Select NEXT
  1. On the Summary page of the New Access Policy window
    • Select SAVE
  1. You should now have two access policies:
    • The default access policy set and the Demo App policy.
  1. On your ControlCenter2 server
    • Open your   Mozilla Firefox browser or Chrome in incognito window.
    • Navigate to the the Demo App on
      • It will redirect to
    • Select Next with the domain selected
  1. In the Workspace ONE Access login
    • Authenticate under
      • username: user1
      • password: VMware1!
    • Select Sign in
  1. Now you will be redirected to authenticate using MFA. The first time this will require a phone number.
    • In the Workspace ONE Login
      • In the dropdown enter the Country Code
      • Then put in your phone number and Select Sign In
  1. On your mobile Phone
    • Check that you received  the information on how to sign up for VMware Verify on your mobile via SMS.
    • Download the VMware Verify application
    • Use the code in the message to authenticate to the app.
  1. On your Mobile Phone
    • The process of installation may change according to your mobile platform (Above noted steps are for iOS).
    • Follow the instructions in the VMware Verify application to enter your phone number
  1. On your Mobile Phone
    • You will receive a SMS.
    • Select on the link in the SMS message which will open the VMware Verify app
    • Verify the application
  1. On your Mobile Phone
    • Set a new Pin code one the application for authentication
    • Select Allow for push notification (This is optional)
  1. On your Mobile Phone
    • Once the application has been configured you will now have the environment listed in the application for two-factor.
  1. On the Workspace ONE Access Login
    • the code you see in the VMware Verify Application into the browser where VMware Verify is prompting you for the unique code.
  1. In the Workspace ONE Acces Console
    • You should now be successfully authenticated to the SAML Demo App.

NOTE: SMS is only required for initial setup of the VMware Verify authentication method.

This concludes multi-factor using VMware Verify authentication lab.

Notice this authentication method is applied to a single application and does not apply to the default access policy.


Add your comment

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.