A financial services firm is integrating Salesforce as a SAML application in Workspace ONE Access. The firm's security policy requires that user accounts in Salesforce are created automatically upon first login, but only for users in the 'Sales' Active Directory group. Furthermore, the user's employee ID and department must be passed as attributes in the SAML assertion. Which configuration is required to meet all these requirements?
Q2 (Multiple answers)
An organization wants to implement passwordless authentication for its developers using FIDO2-compliant security keys (e.g., YubiKey) to access internal web applications through Workspace ONE Access. Which THREE of the following components or configurations are essential for this solution to function correctly? (Select THREE)
Q3
During UAT testing for a new SAML integration, users report receiving an 'Invalid Signature on SAML Response' error from the service provider. The Workspace ONE Access administrator confirms that the correct signing certificate is uploaded to the service provider and has not expired. The service provider is a multi-tenant SaaS application. What is the most likely cause of this error?

```mermaid
sequenceDiagram
    participant User
    participant Browser
    participant Access as Workspace ONE Access
    participant SP as Service Provider
    User->>Browser: Access SP URL
    Browser->>Access: Redirect with SAML Request
    Access->>Access: Authenticate User
    Access->>Browser: Generate Signed SAML Response
    Browser->>SP: POST SAML Response
    SP->>SP: Validate Signature (FAILS)
    SP-->>Browser: Error: Invalid Signature
```
Q4
When deploying Workspace ONE Access in an on-premises environment to integrate with an existing Active Directory forest, what is the primary function of the Workspace ONE Access Connector?
Q5
A university is implementing a BYOD program for students and wants to ensure that personal devices accessing university resources are secure. They are using Workspace ONE UEM and have integrated it with a Mobile Threat Defense (MTD) solution. The security team wants to automatically block access to university email if the MTD solution detects malware on a device. What is the most effective way to configure this?
Q6
**Case Study**

A global investment bank, FinSecure, uses Workspace ONE as its digital workspace platform. They are integrating Microsoft 365 and have extremely strict security requirements. The Chief Information Security Officer (CISO) has mandated a risk-based conditional access model.

**Current Environment:**
- Workspace ONE Access is federated with Azure AD.
- Workspace ONE UEM manages all corporate-owned iOS and Windows 10 devices.
- Workspace ONE Intelligence is deployed and collecting data from UEM and Access.
- The primary user directory is on-premises Active Directory, synchronized to both Azure AD and Workspace ONE Access.

**Requirements:**
1. Users on UEM-managed and compliant devices must be granted seamless single sign-on to Microsoft 365 applications.
2. Users on unmanaged devices or devices with a 'High' risk score in Workspace ONE Intelligence must be blocked from accessing Microsoft 365.
3. Users on managed but non-compliant devices (e.g., outdated OS) must be prompted for VMware Verify MFA.
4. The solution must be centrally managed and leverage the existing VMware and Microsoft investments.

Which solution design meets all of FinSecure's requirements?
Q7
An administrator is configuring Mobile SSO for iOS devices to allow seamless access to internal web applications. This configuration relies on Kerberos authentication. When creating the iOS device profile in Workspace ONE UEM, which certificate is essential to upload to facilitate the Kerberos authentication process?
Q8
After configuring directory synchronization with Active Directory, an administrator notices that users who are members of nested groups (e.g., a user is in 'Group A', which is a member of 'Group B') are not being synchronized into Workspace ONE Access when only 'Group B' is added to the sync rule. What is the most likely reason for this issue?
Q9
A security operations team wants to forward audit and system logs from Workspace ONE Access to their Splunk SIEM for threat correlation. They require the logs to be in a structured, key-value pair format for easy parsing in Splunk. Which syslog format should the administrator configure on the Workspace ONE Access appliance?
Q10
True or False: When using Just-in-Time (JIT) provisioning with a third-party SAML identity provider, the Workspace ONE Access Connector is required to create the user accounts in the Workspace ONE Access service directory.