This is the last post of the “Setting up Mobile SSO for WSO Access”.
If you haven’t had a chance to read the first two posts of the series, here are the links.
Windows 10 Mobile SSO is a certificate based authentication. A certificate is issued on the fly using SCEP protocol. SCEP allows us to issue certificate with user and device specific information such as user ID and device UDID.
After you have done with Mobile SSO wizard based setup, please do a fine tune and double check things are setup right for your environment.
On UEM side, make sure you have had the system generated profile assigned to your testing fleet.
The issued certificate comes with the user ID and UDID.
This makes a certificate is only valid for a single Windows 10 with one particular user. The certificate does not work with a other PC.
Just like what we did for iOS and Android Mobile SSO, please do a double check on system generated authentication method, built-in identity provider and policy on Access console to make sure things are setup in a right way.
Certificate (cloud deployment) is the authentication method we used on Windows 10 and MacOS to achieve Mobile SSO.
Make sure Certificate (cloud deployment) is enabled in the built-in identity provider.
In my default policy, Certificate authentication is the primary method with Verify 2FA as a fallback for Windows 10 devices.
Demo video showing the primary authentication method is certificate. If certificate is not presented, user is asked for Verify 2FA as a fallback.
This concluded “Setting up Mobile SSO for WSO Access” series.
Comments