Configuring Zero Sign-on in Ivanti EPMM

Create a Zero Sign-on configuration in Ivanti EPMM and sync with Ivanti Access.

Before you begin 

You have set up Ivanti Access with Ivanti EPMM. See Overview of configuration with Ivanti EPMM.

Procedure: Overview of steps

  1. Creating a Zero Sign-on policy in Ivanti EPMM
  2. Syncing the Zero Sign-on policy with Ivanti Access

Creating a Zero Sign-on policy in Ivanti EPMM

In Ivanti EPMM, create a Zero Sign-on policy.

Before you begin 

Ensure that you have configured Zero Sign-on in Ivanti Access.

Procedure 

  1. In Ivanti EPMM, go to Policies & Configs > Policies > Add New > SaaS Sign-on.
  2. In the Name field, enter a name for the configuration.
  3. For Status, select Active.
    Active is default status.
  4. (Optional) Add a description for the policy.
  5. For Identity Certificate, select the certificate enrollment setting you created for Ivanti Tunnel.
    The Ivanti Tunnel certificate is the same certificate you used to set up mobile app single sign-on in Ivanti Access.
  6. Turn on the Enable FIDOtoggle switch to enable FIDO authentication.
  7. Click Save.
  8. Apply the policy to a label.
    1. Select the SaaS sign-on policy.
    2. Click Actions > Apply To Label.
    3. Select the labels to apply and click Apply.

Syncing the Zero Sign-on policy with Ivanti Access

Sync with Ivanti Access to pull the Zero Sign-on configuration from the UEM.

Procedure 

  1. In Ivanti Access, navigate to the UEM tab.
  2. Select the Ivanti EPMM UEM and click the Sync UEM icon.
  3. Enter the credentials and click Verify.
  4. Click Done.