by: VMware Senior Manager, Authentication Services Robert Coggins
As a large enterprise with major enterprises as customers, VMware has tens of thousands of colleagues accessing apps daily. Unfortunately, the traditional sign-on process to access those apps is vulnerable to hacking, a fact compounded as each app requires a separate password. At issue is that passwords are not managed properly—colleagues often write them down or are otherwise lax with security. This leaves passwords open to theft and puts a significant drain on IT support. And alternative solutions (such as exponential passwords) don’t really work in reality as colleagues either bypass them or ignore safeguards altogether.
Realizing this mission-critical issue, VMware IT teams employed VMware Workspace ONE® with VMware Identity Manager™ and Workspace ONE UEM to create a powerful single sign-on (SSO) solution that offers both top-flight security and remarkable ease of use.
Why Workspace ONE?
Workspace ONE offers colleagues an all-in-one location for every app they need, accessed via a single, solitary password. This delivers a variety of advantages. Helpdesk personnel are less burdened with password reset requests. Dynamic entitlements enable colleagues to self-administer privileges and roles (for themselves or others) on the fly—apps are appropriately and automatically added or removed without the need of IT intervention. If a colleague is terminated or resigns, the system de-provisions his/her credentials. And conditional access via Identity Manager lets managers create several levels of access based on network, application, and other variables.
But it’s not just secure . . .
Workspace ONE features a host of other benefits as well. As mentioned, all apps are contained in a single centralized location. Colleagues no longer have to annoy others by asking for the right URL for an app. They can bookmark frequently used apps, allowing even faster access. Quick searches and other non-regular actions (such as accessing seldom-used apps) are simplified, and such apps can be bookmarked as well. There is tagging/categorization based on organization, so colleagues can explore additional apps relevant to their job function. And there is easy access to virtual desktops and applications via VMware Horizon® View™.
Identity Manager + UEM = the ideal colleague experience
The real power of Workspace ONE can be found in its Identity Manager and UEM components. Mobile SSO (available for iOS and Android) has never been easier, as remote colleagues can seamlessly connect via any device without the hassles of logging in and configuring their applications. Required apps, profiles, and credentials are automatically loaded upon sign in. On the IT side, applications can be effortlessly pushed to colleagues, and there is an app catalog that makes it simple to selectively install applications—all while automatically adhering to corporate rules and policies.
Although there were issues
Android did not play well with SSO (iOS worked fine), so our teams needed to develop a proprietary mechanism to resolve this issue. Working closely with the product team within a proof of concept (POC) environment, we ultimately released an enterprise-ready Android solution after some expected trial and error.
25,000 fans can’t be wrong
Today, thanks to Workspace ONE, more than 25,000 colleagues access nearly 800 applications and resources via more than 4.2 million launches a month from a wide variety of devices via an SSO. Support calls to IT involving password resets have dramatically decreased, and overall colleague adoption rates have exceeded expectations. Best of all, IT met their major goal of empowering colleagues (and reducing overall IT burdens) via SSO, all while ensuring privacy rules and safeguards are always enforced.
VMware on VMware blogs are written by IT subject matter experts sharing stories about our digital transformation using VMware products and services in a global production environment. Contact your sales rep or email@example.com to schedule a briefing on this topic. Visit the VMware on VMware microsite and follow us on Twitter.