VMware Workspace ONE Business Continuity By Product Workspace ONE Access

Single Sign-On (SSO) to Legacy Apps Using BIG-IP & VMware Workspace ONE

Workspace ONE and F5 app management single sign on SSO

At VMworld Europe 2016, VMware and F5 announce new collaboration that enables simple and secure single sign-on (SSO) to a broad range of business apps—mobile, cloud, SaaS and legacy applications.

Many IT organizations have a simple goal: make it easy for workers to access all their work applications on any device. That simple goal becomes complicated, however, when new apps and old apps do not authenticate in the same way. Unfortunately, workers often face confusing and time-consuming login prompts when trying to use legacy apps.

VMware and F5 today announced a new collaboration that helps remove these complexities and enable productive, any-device app access. By enabling secure SSO to Kerberos constrained delegation (KCD) and header-based authentication apps, VMware Workspace ONE and F5 BIG-IP Access Policy Manager (APM) help workers securely access all the apps they need—mobile, cloud and legacy—on any device anywhere.

The Benefits of SSO to Legacy Applications

With Workspace ONE and BIG-IP APM,  everything just works. Workers have one place to go for all their apps and resources, inside or outside the network on personal and corporate devices. IT gets all the security and control of Workspace ONE’s conditional access policies, such as mobile device management (MDM) compliance checks and step-up authentication, and BIG-IP APM’s secure gateway and app protection.

How SSO with Workspace ONE & BIG-IP APM Works

Workspace ONE acts as an identity provider. It also provides SSO into cloud, mobile and SAML apps. BIG-IP APM passes user authentication to legacy apps, making these apps securely available outside the corporate network.

When a user needs access to a mobile, cloud or web app, Workspace ONE authenticates the user’s identity and provides app access. When the user needs access to a legacy app using Kerberos Constrained Delegation (KCD) or header-based authentication, Workspace ONE authenticates the user and performs a conditional access check. Workspace ONE then sends a SAML assertion with the user’s information to BIG-IP APM, and BIG-IP APM uses this authentication to provide app access.


The combination of Workspace ONE and BIG-IP APM is a win-win for IT and workers. Your business apps stay secure behind the conditional access policies of Workspace ONE and access protection of BIG-IP APM. Your users get access to all their apps and data in one place.

Enabling Productive & Secure SSO in Your Business

To get more details about how to combine the power of Workspace ONE and BIG-IP APM, reach out to your VMware account manager or contact us here.

Want to learn more about Workspace ONE? Visit our website here, request a custom demo or dive into these great blogs:

More EUC news from VMworld Europe 2016: