Workspace ONE Access goes Time-based One-Time Password (TOTP)

Workspace ONE Access Cloud now supports a new authentication method ‘Authenticator App’ to enhance its native MFA capabilities.
This MFA is ideal for users with unmanaged devices, can be used offline, and requires no collection of personal identifying information (PII).
Users can leverage any authenticator app of their choice–such as Google Authenticator, Microsoft Authenticator, Okta Verify, Authy, 1Password–that follows the time-based one-time passcode (TOTP) standards as defined in RFC 6238 on their own device.

Now let’s have a look on the Workspace ONE Access Console and how to set this up.
Another great Release is the Redesigned Workspace ONE Access Navigation 🙂

With a new toggle at the header in the console we can switch to the redesigned console and also witch back for easy comparison.


Setting up the new Authenticator App feature is quite easy, we just need to navigate to Integrations, the Authentication Methods and the we see the new Authenticator App method on the right side.

Just click on it, and press Configure on the next screen

Here we just need to enable the Authenticator Adapter Authentication and set the options like Number of re-tries and a custom text for registration based on our needs.

If this is done, we need to enable this new auth method in the Identity Provider section, this can be found also within the Integrations section, then just click on the Identity Providers menu and open up the Identity Provider where you want to enable this feature.

In my example we need to enable the Authenticator App auth methods in the
System Identity Provider.

Then just press Save to submit the settings and make this auth method available.

In the next part we need to adjust the Access Policy based on our needs and of course the Use-Case we want to adapt.
The policies menu is now located in the Resources section, after navigating to it just press the Policies button to get started.


In my first example I am adjusting the default_access_policy and want to use the new Authenticator app authentication Method as an additional auth factor.

For sure we can also create a dedicated Policy and configure the new Authenticator App there.

In this example we have a new Policy called TOTP, and this applies to the
Workspace ONE UEM application.

And within the Policy Rule we then can assign e.g the new Authenticator App auth method.

Within the Accounts, User and then Two-Factor Authentication section we can see that the user already registered an Auth App.

This new authentication method is great and an additional option to implement interesting and additional Use-Cases.Check also the latest Release Notes here!

Check out my LinkedIn Post and watch how it is looking like and enjoy testing and implementing! 🙂


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

Create your website with WordPress.com
Get started
%d bloggers like this: