VMware Verify is a multi-factor authentication (MFA) service that allows verification using three methods: push approval with OneTouch notification, Time-based One-Time Password (TOTP), and text messages. VMware Verify was easy to integrate with VMware Workspace ONE Access to set up multi-factor authentication.
End of life
VMware Verify will reach end-of-support (EoS) and end-of-availability date (EoA) on October 31st, 2022. The mobile application will be removed from the App Store and Play Store on this date. Current users will also be unable to use the application for any second-factor authentication.
VMware created an excellent KB article on the migration paths toward a few different multi-factor authentication solutions.
In this blog post, I will explain how to migrate to the Authenticator App method, which works with any authenticator app that supports the TOTP standard (RFC 6238).
First, we need to enable and configure the Authenticator App in Workspace ONE Access.
- In the Workspace ONE Access console, go to the Integrations > Authentication Methods page. Select the Authenticator App and click CONFIGURE.
- Click the toggle icon to enable the Authenticator App, configure the settings (optionally with custom text for registration and/or recovery), and click SAVE.
Edit the Default Access Policy
To add the Authenticator App as the second authentication method for two-factor authentication, we need to edit the Default Access Policy.
- In the Workspace ONE Access console, go to Resources > Policies. Select the default_access_policy_set and click EDIT.
- Click NEXT to go to Configuration and click ALL RANGES to change the authentication settings.
- Underneath Authenticate using, change VMware Verify to Authenticator App and click SAVE. Check the difference below by using the arrows.
- Click NEXT and SAVE to save the new settings.
Edit Built-in IdP
Add the Authenticator App to the Built-in IdP authentication methods.
- In the Workspace ONE Access console, go to Integrations > Identity Providers and click on Built-in IdP.
- Go to Authentication Methods and check the box behind Authenticator App.
Using a new MFA service means that the end-user will need to register. Authenticator apps such as Authy, Google Authenticator, or Microsoft Authenticator are supported. Below are the steps the end-user must take to register.
- The end-user will need to log in to the Workspace ONE Access URL with their Username and Password.
- To register, the end-user must scan the QR code in their preferred authenticator app and enter the passcode.
- The next time the user logs in with their username and password they will be asked to enter the passcode from the authenticator app.
Reset Authenticator App registration
If for some reason an end-user cannot log in using their authenticator app, you can reset the Authenticator App registration using the following procedure.
- In the Workspace ONE Access console, go to Accounts > User and select the specific user.
- Select Two-Factor Authentication, select RESET underneath Authenticator App, and confirm with RESET.
- The end-user will need to re-register their authenticator app.
The Authenticator App is a good alternative to VMware Verify and is also free of charge. Two small downsides compared to VMware Verify are the lack of push approval with OneTouch notifications and the lack of text messages with a one-time verification code.
If you have any questions, please let me know by leaving a comment.