In this blog post we will walk through the process of setting up VMware Verify and enabling it on your mobile device. VMware Verify was introduced earlier this year as a free multi-factor authentication solution provided by VMware. Verify is built into VMware Identity Manager (Workspace ONE) as an identity provider, and is easily enabled. Today we will walk through the process of setting up VMware Verify to secure login to VMware Identity Manager and other apps. There are basically two parts to this effort. First we will walk through downloading the app on your mobile device, then setting up and configuring Verify in Identity Manager (Workspace ONE).
What is VMware Verify?
VMware Verify makes it easy to use Two-Factor Authentication on your account using your smartphone. We provide you an App that makes it easy for you to keep all your tokens, and it “just” works for strong authentication. Our goal is to make it easy and straightforward for anyone to use Two-Factor authentication on your account.
Download VMware Verify
VMware Verify can be downloaded from the Apple App Store and Google Play for Android mobile devices. The download is free and any user who will be subject to multi-factor authentication using VMware Verify will need to download this mobile app.
Below are the links for the iOS and Android download pages. These apps can also be downloaded through the App Store of your mobile vendor.
How to Register VMware Verify App on your Mobile Device
- Enter your cellphone number here.
- If you don’t have an account, enter your e-mail to create one.
- For security, you will be sent a registration PIN via SMS or receive a call on your mobile phone. Once you retrieve this verification code, enter it in the VMware Verify mobile app.
- You may also be asked to set up a four-digit protection PIN.
- After setting up the protection PIN (if needed) and entering the verification code, VMware Verify is ready for use on your mobile device.
Add VMware Verify to Identity Manager Application
VMware Verify tokens are generated by VMware and provided to customers after the initial tenant appliance/system is online and configured. The VMware Verify identity provider is built into Identity Manager.
Once you have received the token from VMware, follow the steps below to create a VMware Verify identity provider.
1. Go to Identity & Access Management > Authentication Methods. Select the pencil icon to the right of VMware Verify.
2. Click Enable VMware Verify. Paste the security token you received from VMware into the “Security Token” text box. Click Save to store the token in the database and enable VMware Verify within Identity Manager. This configuration only needs to be done once. The settings will be applied to all appliances in the cluster.
3. In the Identity & Access Management tab, go to Manage > Identity Providers. Click Add Identity Provider, and select Create Built-in IDP.
– Provide a name for the new identity provider.
– Select which users will be subject to authentication.
– Select VMware Verify as the authentication method.
– Click Add to save the identity provider configuration.
4. In the Identity & Access Management tab, go to Policies. Click Add Policy.
5. In the new policy dialogue, add a Policy Name, select the applications which will be subject to VMware Verify multi-factor authentication, and define Policy Rules. In this example we will require that launching Microsoft Excel 2010 be subject to VMware Verify authentication.
– Provide a Policy Name.
– Select the application to which VMware Verify multi-factor authentication will apply.
– Click the + to define the policy rules.
– Then click Save.
(The screenshot below shows the policy configuration after the applications have been selected and policy rule has been defined.)
6. Choose a Network Range, and select the device types this policy applies to. Choose VMware Verify from the list of authentication methods, then click OK.
7. Click Save to create the new policy.
8. Validate that the Application Access Policies for the application are set correctly.
9. Log in to Identity Manager as a user. Click Open on the application defined in the policy for VMware Verify multi-factor authentication.
10. When you click Open on the application it will launch the VMware Verify dialogue for multi-factor authentication. Select the Country Code for the phone number registered with VMware Verify. Enter the Phone Number registered with VMware Verify, then click Sign In.
11. Depending on the user's VMware Verify settings, the user is prompted to enter a token or approve the launch request on their mobile device. Once authenticated through VMware Verify, the user will be able to re-launch the application without re-authentication for the duration of the Identity Manager session. In other words, closing and launching the application again in the same Identity Manager session will not require VMware Verify authentication.
12. To view a user's VMware Verify activity through Identity Manager, go to Users & Groups > Users. Select a user and choose VMware Verify. You can also reset VMware Verify from this screen for individual users.
Add VMware Verify Authentication to Identity Manager Login
VMware Verify multi-factor authentication can be enforced at Identity Manager logon. To achieve this you need to edit the proper policy to include both VMware Verify and the appropriate authentication method.
The screenshot below shows how VMware Verify is required before a user enters their standard network login credentials. In the example, the authentication method is applied to all network ranges, and all device types. Depending on your specific needs these options may be different.
Jeffrey Davidson, Senior Consultant, VMware EUC. Jeffrey has over 16 years of IT experience and joined VMware in 2014. He is also a VCP5-DCV and VCP5-DT. He is a strong advocate of virtualization technologies, focusing on operational readiness with customers.