Which three configuration changes must be made to use an enterprise Certificate Authority (CA) for Mobile SSO with iOS devices? (Choose three.)
A. Integrate 3rd party Certificate Authority (CA) with Workspace ONE UEM console
B. Configure Mobile SSO adapters in Workspace ONE to trust enterprise CA
C. Modify Mobile SSO profiles to use enterprise CA
D. Configure mobile application records in Workspace ONE to trust enterprise CA
E. Modify Workspace ONE authentication policies to use enterprise CA
F. Configure VMware Tunnel network traffic rules to allow access to enterprise CA
I think the correct answer is : ABC
You have to modify the Mobile SSO adapter in WSO Access to upload the root/inter CA to trust the enterprise CA (B).
F is totally incorrect. The answer is there to trick you. IOS leverage Kerberos Authentication. Never need Tunnel to intercept the authentication flow.
The correct answer is:
A.
C.
E.
References:
Configure Active Directory Certificate Authority in AirWatch
https://docs.vmware.com/en/VMware-Workspace-ONE/services/aw-vidm-ws1integration-/GUID-C0308F39-AC0F-42F6-B672-1C8D3BFEDE26.html
Configure Apple iOS Profile in AirWatch Using Active Directory Certificate Authority and Certificate Template
https://docs.vmware.com/en/VMware-Workspace-ONE/services/aw-vidm-ws1integration-/GUID-1AEB8F12-4C3C-49EE-A1C2-5F742B13F2F6.html
Configure Mobile SSO for iOS Authentication
https://docs.vmware.com/en/VMware-Workspace-ONE/services/aw-vidm-ws1integration-/GUID-59D589F7-55A4-4F96-AC04-D9A498DF3CCE.html