This Beta integration is provided by a partnership between Okta and VMware. To learn more, please visit the Beta Program Sign-Up page.

Enforce Okta Device Trust for VMware Workspace ONE-managed iOS and Android devices (Beta)

Okta Device Trust for VMware Workspace ONE-managed iOS and Android devices allows you to prevent unmanaged mobile devices from accessing enterprise services through browsers and native applications. This Device Trust solution combines the power of Okta’s Contextual Access Management policy framework with device signals from VMware Workspace ONE to deliver a secure and seamless end-user experience. Allowing Workspace ONE to add the Device Context to the SAML Assertion lets enterprises leverage Okta’s policy framework to require users to enroll their unmanaged device or satisfy an MFA challenge.

SAML: An acronym for Security Assertion Markup Language, SAML is an XML-based standard for exchanging authentication and authorization data between an identity provider (IdP) and a service provider (SP). The SAML standard addresses issues unique to the single sign-on (SSO) solution, and defines three roles: the end user, the IdP, and the SP. Here's how SAML works through Okta:

SP-initiated flow: the end user requests (principally through a browser) a service from the SP. The SP requests and obtains an identity assertion from the IdP (in this case, Okta). On the basis of this assertion, the SP can decide whether or not to authorize or authenticate the service for the end user.

IdP-initiated flow: with Okta as the IdP, an end user goes to the Okta browser and clicks on a chiclet, sending a SAMLResponse to the configured SP. A session is established with the SP, and the end user is authenticated.