EUCZero Trust 2020 Secure AccessMulti-Factor Authentication (VMware Verify)

Multi-Factor Authentication (VMware Verify)

This lab will be demonstrate how best to use multi-factor authentication to secure access the WorkspaceONE portal as well as various service providers

In this lab we will cover how to setup VMware Verify and then authenticate using a soft token.

Part 1: VMware Verify 

Part 1: VMware Verify

  1. On the ConrolCenter2,
    1. Open Chrome and navigate to access.euc-livefire.com or select on the Access bookmark
    2. Select System Domain from the dropdown and
    3. Select Next.
  1. Authenticate using
    1. Username: admin
    2. Password: VMware1!
    3. Select Sign in
  1. In the Workspace ONE Access administration console
    • Select on Identity & Access Management,
    • Select on Authentication Methods
  1. Under Authentication Methods
    • Select the pencil icon next to VMware Verify in the Authentication Methods page
  1. In the VMware Verify window
  • Select the check box next to enable VMware Verify and then paste the following Security Token

eyJ2ZXJzaW9uIjoiMS4wIiwiYXBpS2V5IjoiZWZrTXVCY0lDaHdKcU5pTElTSlhjVWQwVnU1MG1RaGEiLCJhY2Nlc3NLZXkiOiJjQVhaa0lQajY2M2kyNmZ1YUJ2RVZVemNGZ2gzbU1pNDhiOXhPYm9CNnhrIiwiYXBwSWQiOiIyODY2MzciLCJhcHBBcGlLZXkiOiJDZVQxeXlvZnE1UFc4bGdFSUw3d3VrdWdHdHBsZENKdyIsInNpZ25pbmdLZXkiOiJQN0xEZ3Q4ajlEQ2k0N042a1hEMGVCRmFQck10WUVzOSIsImVuYWJsZWQiOnRydWV9

  • Select Save at the bottom of the page
  1. In the Workspace ONE Access Console
    • Navigate to Identity Provides at the top navigation tab.
    • Select Built-in
  1. In the Built-in Identity Providers window
    • Scroll down to the middle of the page until you see Authentication Methods,
    • Select the checkbox next to VMware Verify
    • Select Save at the bottom of the page
  1. We will add VMware verify to an access policy now
    • In the Workspace ONE Access console
      • Select  Policies
      • Select ADD POLICY
  1. On the New Access Policy Page
    • Policy Name: Demo App
    • Applies to: select the SAML Demo App from the drop down
  • Select NEXT
  1. In the Configuration section
    • Select ADD POLICY RULE
  1. In the Add Policy Rule windows select the following, next to:
    • and user accessing content from: Web Browser
    • then user may authenticate using (select from drop down): Password (Cloud deployment)
    • To  the right of Password (Cloud deployment) , select the "+" and from the dropdown, select  VMware Verify
    • Select SAVE at the bottom of the screen
      • (leave the other settings as default)
  1. Back in the New Access Policy page
    • Select NEXT
  1. On the Summary page of the New Access Policy window
    • Select SAVE
  1. You should now have two access policies:
    • The default access policy set and the Demo App policy.
  1. On your ControlCenter2 server
    • Open your   Mozilla Firefox browser or Chrome in incognito window.
    • Navigate to the the Demo App on  https://sptest.iamshowcase.com/ixs?idp=ad0afe77db012e758034028c0dc5e00ba60af514
      • It will redirect to access.euc-livefire.com.
    • Select Next with the euc-livefire.com domain selected
  1. In the Workspace ONE Access login
    • Authenticate under
      • username: user1
      • password: VMware1!
    • Select Sign in
  1. Now you will be redirected to authenticate using MFA. The first time this will require a phone number.
    • In the Workspace ONE Login
      • In the dropdown enter the Country Code
      • Then put in your phone number and Select Sign In
  1. On your mobile Phone
    • Check that you received  the information on how to sign up for VMware Verify on your mobile via SMS.
    • Download the VMware Verify application
    • Use the code in the message to authenticate to the app.
  1. On your Mobile Phone
    • The process of installation may change according to your mobile platform (Above noted steps are for iOS).
    • Follow the instructions in the VMware Verify application to enter your phone number
  1. On your Mobile Phone
    • You will receive a SMS.
    • Select on the link in the SMS message which will open the VMware Verify app
    • Verify the application
  1. On your Mobile Phone
    • Set a new Pin code one the application for authentication
    • Select Allow for push notification (This is optional)
  1. On your Mobile Phone
    • Once the application has been configured you will now have the access.euc-livefire.com environment listed in the application for two-factor.
  1. On the Workspace ONE Access Login
    • the code you see in the VMware Verify Application into the browser where VMware Verify is prompting you for the unique code.
  1. In the Workspace ONE Acces Console
    • You should now be successfully authenticated to the SAML Demo App.

NOTE: SMS is only required for initial setup of the VMware Verify authentication method.

This concludes multi-factor using VMware Verify authentication lab.

Notice this authentication method is applied to a single application and does not apply to the default access policy.

0 Comments

Add your comment

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.