How to Enable Kerberos Authentication to configure SSO on Workspace ONE
At the enterprise level, it is very important to provide the best end-user experience to customers. Users want seamless access to their work environment, whether that means applications or other services.
Workspace ONE provides a few capabilities that ensure users who log in to a domain-joined machine do not have to provide their password again to access any of the other services integrated with Workspace ONE.
Kerberos authentication is one of the protocols that Workspace ONE uses to provide single sign-on functionality to end users.
We will see how to enable Kerberos authentication on Workspace ONE to provide single sign-on functionality to users.
It is important to understand the authentication types and policies that Workspace ONE has.
We enable authentication types by enabling the respective adapters at the connector level.
The use of authentication adapters is enforced by Workspace ONE access policies.
Let's see how to enable adapters and configure policies to implement Kerberos authentication.
Log in to the Workspace ONE admin UI page.
Click Identity & Access Management and click Setup on the right.
This lists all connector servers. Now click the connector server where you want to enable Kerberos. Generally it will be an internal connector.
After clicking the connector server you are taken to another page, as below. Click Auth Adapters.
It lists the adapter types supported by Workspace ONE. Observe that only the password adapter is enabled.
We need to enable KerberosAdapter. To do that, click KerberosAdapter; it redirects to the appliance configuration page.
Once redirected, it shows the configuration page. Click Enable Windows Authentication and hit Save.
Type SamAccountName in the Directory UID attributes field.
Click Save to finish the configuration. Confirm the same on the adapter configuration page.
Now we need to configure an access policy to use Kerberos authentication.
Click Identity & Access Management, click Manage, and click Policies.
We have only one policy, which defines what protocols should be used for users who are coming from different networks on different platforms.
We will only look at the policy for the internal network range with Web Browser as the device type, and set its authentication methods.
Click the policy and, once it has loaded, click the authentication method.
It loads an authentication method configuration page, as below.
As can be seen above, Password and Certificate are the authentication methods used at this moment.
Click the drop-down and select Kerberos as primary and Password as secondary, as above. Click OK and finally save the policy. Confirm the settings below before hitting OK to save the policy.
Once the policy is saved, the Workspace ONE side of the configuration is done and ready for Kerberos. However, the client-side settings include a small addition to IE or the browser, as below. Make sure the settings mentioned below are enabled in Internet Explorer.
When a user has a browser with the above settings and opens the Workspace ONE UI, the request is processed using the Kerberos protocol with the Windows session password. The user does not have to provide any password; this is how the user gets a seamless single sign-on experience for all the applications integrated with Workspace ONE.
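To confirm that a browser is really sending a Kerberos ticket rather than falling back to NTLM, the Authorization header it sends can be inspected. The following Python sketch is an added example, not part of the original post or of Workspace ONE; the sample tokens are constructed and truncated, and it assumes the header value has been copied from the browser's developer tools or a proxy capture.

```python
import base64

# DER-encoded OIDs that identify the mechanism inside a Negotiate token.
SPNEGO_OID = bytes.fromhex("06062b0601050502")      # 1.3.6.1.5.5.2
KRB5_OIDS = (
    bytes.fromhex("06092a864886f712010202"),        # 1.2.840.113554.1.2.2
    bytes.fromhex("06092a864882f712010202"),        # 1.2.840.48018.1.2.2 (legacy Microsoft)
)
NTLMSSP_SIG = b"NTLMSSP\x00"


def classify_negotiate(header_value):
    """Classify the value of an HTTP Authorization header.

    Returns 'kerberos', 'ntlm', 'unknown' or 'not-negotiate'.
    """
    scheme, _, blob = header_value.strip().partition(" ")
    if scheme.lower() != "negotiate" or not blob:
        return "not-negotiate"
    try:
        token = base64.b64decode(blob.strip(), validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return "unknown"
    # NTLM may be sent raw or wrapped in SPNEGO; either way the
    # NTLMSSP signature appears in the token.
    if NTLMSSP_SIG in token:
        return "ntlm"
    # A Kerberos token is a GSS-API blob (tag 0x60) carrying a krb5 OID,
    # either directly or in the SPNEGO mechanism list.
    if token[:1] == b"\x60" and any(oid in token for oid in KRB5_OIDS):
        return "kerberos"
    return "unknown"


def _sample(raw):
    return "Negotiate " + base64.b64encode(raw).decode()


# Constructed, truncated tokens: only the leading bytes that matter here.
SAMPLES = {
    "kerberos": _sample(b"\x60\x82\x05\x00" + SPNEGO_OID + b"\xa0\x82\x04\xf0"
                        + b"\x30\x82\x04\xec\xa0\x18\x30\x16"
                        + KRB5_OIDS[1] + KRB5_OIDS[0]),
    "ntlm": _sample(NTLMSSP_SIG + b"\x01\x00\x00\x00\x07\x82\x08\xa2"),
}

if __name__ == "__main__":
    for expected, header in SAMPLES.items():
        print(expected, "->", classify_negotiate(header))
```

An 'ntlm' result for a domain-joined client means Kerberos single sign-on did not take place for that request, so the browser settings described above are the first thing to recheck.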