VMware Verify is a relatively new player on the two-factor authentication method, one that you can use for VMware Workspace ONE for instance. Today I had a customer where we wanted to test VMware Verify. The setup is rather straightforward, there are only a few things to do and in this article, I will show the steps to activate it.
The first thing to do is to request an activation token for your environment, in the documentation, it says you should call VMware support. Those days are over, today I learned that you should contact your local VMware representative. He or she can generate the token for you. What they will need is the URL where the users are connecting to, so e.g. workspace.customername.com.
The token is received in an Email and copied to the VMware Workspace ONE appliance console. Open the Admin console, go into Identity & Access Management and click on Authentication methods. Check the box that says “Enable VMware Verify” and paste the code in the field.
Identity providers & Policies
Let’s go to Identity Providers and Policies shortly. After you enabled VMware Verify you need to go into the Identity provider, open the Built-in Identity Provider and select VMware Verify as one of the options. If you don’t do this Verify will not be available.
You also need to go into Policies and change e.g. the Web browser policy and set VMware Verify as one of the authentication methods. There are several options but here we have Cloud Password and VMware Verify and if that doesn’t work revert to a local password which only would work for a local admin.
Once this is configured you are ready to go. If users connect to the portal they are presented with a request for a username and password initially. After they proceed past that VMware Verify kicks in. As this is an initial setup for this user questions are asked.
- What is the country code?
- What is the mobile number?
Now you need to set up the mobile app, you’re almost there. The token is waiting already so hurry up.
On the user side
If we look at the user side of things we see a mobile app that is installed by the user on the mobile. It goes fast, you open the app, add your mobile number + the country code. Below is the iPhone config, on an Android the screen looks a bit different. you will be asked how to receive the verification link, by SMS or perhaps by a Call. Click on SMS. You will receive one instantly and if you click on the link it will ask you to set a security pin twice.
The app is configured now and if you signed in to the portal you by now have a token on your screen. There is not much to it, this is all the configuration. When you try to login. you get a Push message on your mobile.
In the management console, you can see which users have VMware Verify enabled and active. you can see which number is in use and when it was last used. Also if you want or need you can reset the users Verify account. The next time they logon tehy need to set it up again.
Just a short blog but there is not that much to say about it. If you enable it the steps to be going takes minutes.