Users do not need to type user names or passwords to gain access to Microsoft Office 365 apps, including the Outlook and VMware Boxer mail clients.

With VMware Workspace ONE, customers get AirWatch to manage devices and Identity Manager to authenticate users. VMware's unique technology provides certificate-based mobile Single-Sign-On (SSO) on iOS, Android, macOS and Windows devices.

For this article I want to focus on access to Office 365 applications, but the same applies to any SAML-enabled web service with a corresponding mobile application (for example Zendesk, Salesforce, Box, etc.).

With VMware Identity Manager, administrators entitle groups or users to gain access to Microsoft Office 365 applications. VMware AirWatch deploys the mobile apps and unique certificates to users' enrolled and entitled devices, provided the devices meet the organization's compliance criteria.

Users activate the Microsoft Office 365 apps by simply opening any one of them and providing their e-mail address (a one-time task). The device uses the unique SSL certificate to authenticate with Identity Manager and create an activation token, which is then used to authenticate and activate any other Office 365 applications.

This process includes the Outlook e-mail app, which means users gain access to their corporate e-mail without having to configure the Outlook app at all.

Organizations that prefer the VMware Boxer e-mail application benefit from the same seamless SSO experience for their users.

The video below demonstrates the initial application activation of freshly installed Office 365 productivity apps using VMware Identity Manager Mobile SSO on an iOS device. The process looks the same for users on Android devices.

Without Identity Manager SSO, users would need to provide their AD/ADFS user names and passwords on initial application launch and every 90 days. With Identity Manager, this authentication task is handled by the unique SSL authentication certificate.

Administrators or compliance rules can revoke this certificate at any point in time to prevent unwanted user or device access to mobile applications.

VMware Workspace ONE certificate single sign on to Microsoft Office 365 mobile applications



About the author
Peter Giesa is an AirWatch Certified Technical Post-Sales On-Prem Expert and works as a Solution Architect & Senior Consultant for Aerion Solutions.

About Aerion Solutions
Aerion Solutions is an AirWatch Elite Partner, BOX Premier Partner, OKTA Premier Partner, VMware Premier Solution Provider and Zendesk Premier Partner in Finland. Its certified consultants provide consulting and training services for AirWatch, BOX, OKTA, VMware and Zendesk implementations. Aerion Solutions' consultants are familiar with G-Suite, O365, Azure and more traditional AD and LDAP environments.