Introduction to VMware Verify
VMware Verify is a two-factor authentication (2FA) app for securing your digital workspace, available for free with VMware Identity Manager.
VMware Identity Manager (IDM) integrated with third-party 2FA solutions for a long time through RADIUS and SAML protocols. This allowed customers to leverage their existing investments in these technologies, while protecting login into VMware IDM portal that presented keys to the kingdom through single sign-on (SSO) to apps. But, customers without a third-party 2FA system had to purchase them separately. Now, you can use the Verify app to secure login to VMware IDM and other apps. The Verify app is available for iOS and Android devices. The Chrome app for Windows is coming soon.
It uses modern mobile push tokens, where users get a push notification on their mobile device that they can simply accept or deny. When the user’s device does not have cellular reception, such as in airplane mode when traveling, the user can open the Verify app and use a one-time passcode (aka soft token). Also, if you have users with flip phones, they can receive a one-time passcode over SMS. These three methods cover all types of scenarios, ensuring that the right user can always log in.
- VMware Verify Documentation
- Embracing Consumerization for the Digital Workspace: VMware Introduces Workspace ONE
What are the advantages of using mobile push authentication?
While mobile push notification provides the convenience of not having to type a passcode, it also provides additional security by alerting the user through push notifications when someone else tries to log in using a compromised password. You can rest assured that such a login will not complete, and you can safely change your password.
Does it support step-up authentication ?
Yes, you can configure access policies in IDM, such as not requiring 2FA for initial authentication into the IDM portal or VMware Workspace ONE app, but requiring it when apps that require higher level of security assurance are launched. Once the user performs 2FA, they are not prompted again during the current log-in session when launching other apps with the two-factor requirement.
Is this feature available for VMware IDM on-premise deployments?
Verify is currently available for VMware IDM cloud deployments only. Support for VMware IDM on-premises deployment is coming soon.
How do I enable this feature?
Administrators can enable this feature through a simple two-step process:
1) Enable Verify authentication method under Built-in IdP configuration by selecting a checkbox.
2) Add Verify authentication method to access policy rule. Refer to this help page.
Can I install the Verify app on multiple devices?
Yes. A “circle of trust” is created, such that you can use any of these devices to perform 2FA. The first device (primary device) where you install the app needs to be a mobile phone. The rest of the devices can be WiFi-only tablets or phones.
What should I do when my phone number changes?
If you have installed the Verify app on multiple devices and the phone number of a secondary device changes, you don’t have to worry. Only if your primary phone number changes do you need to contact your company administrator, who can reset Verify registration from your user profile. When you log in the next time, you will be asked to register using your new phone number.
Can I use the same app to log into multiple tenants, such as test and production tenants?
Yes, you can use the same app and device for 2FA into multiple VMware IDM tenants. Push notifications are sent to log into any of these tenants. If you want to use OTP from the app, you will notice that each tenant appears as a tile at the bottom of the page displaying the OTP. Select the correct tile before using the generated OTP.
Can I use Verify for VPN authentication?
Currently, only VPNs that support a SAML interface, such as Cisco and Juniper SSL VPN, are supported by Verify. In the future, we plan to add support for VPN authentication using RADIUS protocol.
Can I use Verify to protect my personal app accounts?
Yes, you can use VMware Verify to protect personal accounts at Google, Dropbox, Evernote and any app that supports Google Authenticator (aka time-based OTP). Tap on Add Account at the bottom of the page displaying OTP to add your personal app accounts.