In this walkthrough we're going to show you how to use VMware Verify as a built-in two-factor authentication method in Workspace ONE. We'll cover setting this up for the first time on your device as well as the 3 methods of authentication available with VMware Verify.
- Set up VMware Verify on your device
- Authentication Method 1 - OneTouch approval
- Authentication Method 2 - One-time passcode via VMware Verify app (soft token)
- Authentication Method 3 - One-time passcode over SMS
Before You Begin
- A mobile device with a cellular connection
- A valid account in the VMware TestDrive environment (sign up here if you don't have one)
- Salesforce activated from the My Services tab within the TestDrive portal. You can log in to the portal at portal.vmtestdrive.com.
Background Info - Talking Points
Up to this point, VMware Identity Manager has integrated with two-factor authentication (2FA) solutions using the SAML and RADIUS protocols. However, customers who did not already have a 2FA solution had to purchase one separately. Now, VMware Verify is built into VMware Identity Manager at no additional cost, providing a 2FA solution for Workspace ONE applications.
VMware Verify can be set as a requirement on a per-app basis for web or virtual apps on the Workspace ONE launcher, or as a requirement to log in to Workspace ONE and view your launcher in the first place. The VMware Verify app is currently available on iOS and Android.
VMware Verify supports 3 methods of authentication:
- OneTouch approval
- One-time passcode via VMware Verify app (soft token)
- One-time passcode over SMS
Set up VMware Verify on your device
To get started we will attempt to access an app which requires 2FA. In TestDrive, we have configured Salesforce to require 2FA on unmanaged OS X and Windows machines. Open your favorite web browser on your unmanaged machine and navigate to the TestDrive Workspace ONE instance at wsone.vmtestdrive.com. You'll need to log in with your TestDrive username and password (no domain is required).
Now that you're logged in to Workspace ONE, we'll need to launch Salesforce. Search for Salesforce in Workspace ONE. If you don't see Salesforce in your launcher, this is because you have not yet enabled it for your TestDrive account! Log in to the TestDrive portal and turn it on!
Now that you've found it, launch the app!
Now you can see our device has triggered an app that requires two-factor authentication through VMware Verify. Since this is our first time accessing an app that requires VMware Verify, we'll need to set up our account. Choose your country code from the drop-down, enter your phone number and click Sign In.
Next, your device will receive a text message stating you need to download the VMware Verify app to complete the setup of your account.
Note: You will only receive this text message when setting up VMware Verify for the first time. If you have ever used your device for VMware Verify in the past (regardless of which environment), your phone number is stored and you will never be sent this text again. However, you can still set up new accounts by continuing past this step and downloading the VMware Verify app.
Next, navigate to the app store and download the Verify app.
Launch the app. Now we'll need to enter the same phone number we entered in our web browser with our country code and hit OK.
Next, we'll need to verify that we are the owner of this number. Choose a method to verify the phone number (for this guide we'll choose SMS).
Verify will send us a text message with our registration code. Click the link to have the code automatically entered into the Verify app, or copy and paste the code to enter it manually.
Now that you have confirmed your phone number, you'll need to create a PIN for the VMware Verify app. Enter your PIN to continue.
Note: If your device has Touch ID enabled you will still need to create a PIN. However, the next time you close the VMware Verify app and open it again you'll get a prompt to enable Touch ID for VMware Verify. From then on you'll be able to authenticate on the PIN page with Touch ID.
Once your PIN is configured, you'll be able to see your soft token for the TestDrive environment. The last step to set up our account is to enter this soft token back in the browser window.
Enter the soft token and hit Sign In.
You'll now see that the user is signed in to Salesforce, and your VMware Verify token is completely set up!
Now that our account is fully configured, we can walk through the 3 methods of authentication available with VMware Verify. As a reminder, those 3 methods are: OneTouch approval, soft token, and one-time passcode over SMS.
Authentication Method 1 - OneTouch approval
To use OneTouch approval, first we'll need to trigger a Workspace ONE app that requires 2FA using VMware Verify. Log out of Salesforce if you are currently logged in and head back to the TestDrive Workspace ONE instance at wsone.vmtestdrive.com.
Log in with your TestDrive username and password if needed and launch Salesforce.
Now that your account is configured, you'll see a loading page noting that the user needs to approve the request through VMware Verify.
On your device you'll get a notification for this request. Just swipe to open the notification.
We will use Touch ID to unlock our device with one click, but if you don't have Touch ID enabled you can enter the password.
Now that we've unlocked the device we can use Touch ID to unlock the VMware Verify app (or enter the PIN).
And now you can tap Approve to allow your browser to login to Salesforce.
Next, you'll see the browser window reload and the user is signed in to Salesforce!
Authentication Method 2 - One-time passcode via VMware Verify app (soft token)
Next, we will walk through using a soft token for VMware Verify authentication. First, log out of Salesforce if you are logged in and navigate again to the TestDrive Workspace ONE instance at wsone.vmtestdrive.com.
You'll again be brought to the loading screen. This time, select "Didn't get the request? Click here."
Now, you'll be brought to the page where you will enter your soft token. Switch over to your device and open the VMware Verify app.
Note your token from the home screen on the VMware Verify app.
Once you have entered your token and selected Sign In, the user will be signed in to Salesforce.
Authentication Method 3 - One-time passcode over SMS
The last method of authentication is one-time passcode over SMS, which is ideal for any users who may not have a smartphone. To trigger this method, head back to the TestDrive instance of Workspace ONE, log in with your account if necessary and launch Salesforce again.
Select "Didn't get the request? Click here."
Next, select "Sign in with SMS".
You'll get an SMS message with your one-time passcode.
Now you can enter that code into the web browser and click Sign In.
And you'll be signed into Salesforce!