Configuring Zero Sign-on in Core

Create a Zero Sign-on configuration in Core and sync with Access.

Before you begin 

You have set up Access with Core. See Overview of configuration with Core.

Procedure: Overview of steps

1. Creating a Zero Sign-on policy in Core
2. Syncing the Zero Sign-on policy with Access

Creating a Zero Sign-on policy in Core

In Core, create a Zero Sign-on policy.

Before you begin 

Ensure that you have configured Zero Sign-on in Access.

Procedure 

1. In Core, go to Policies & Configs > Policies > Add New > SaaS Sign-on.
2. In the Name field, enter a name for the configuration.
3. For Status, select Active.
   Active is default status.
4. (Optional) Add a description for the policy.
5. For Identity Certificate, select the certificate enrollment setting you created for Tunnel.
   The Tunnel certificate is the same certificate you used to set up mobile app single sign-on in Access.
6. Turn on the Enable FIDOtoggle switch to enable FIDO authentication.
7. Click Save.
8. Apply the policy to a label.
   1. Select the SaaS sign-on policy.
   2. Click Actions > Apply To Label.
   3. Select the labels to apply and click Apply.

Related topics 

• For more information about configuring mobile app single sign-on (SSO):
  • For a federated pair, see Configuring Mobile App Single Sign-on (SSO).
  • For delegated IdP, see Configuring Access as the delegated IdP .

Syncing the Zero Sign-on policy with Access

Sync with Access to pull the Zero Sign-on configuration from the UEM.

Procedure 

1. In Access, navigate to the UEM tab.
2. Select the Core UEM and click the Sync UEM icon.
3. Enter the credentials and click Verify.
4. Click Done.