Configuring Zero Sign-on in Cloud

Create a Zero Sign-on configuration in Cloud and sync with Access.

Before you begin 

Ensure that you have set up Access with Cloud. See Overview of configuration with Cloud.

Procedure: Overview of steps

1. Creating a Zero Sign-On configuration in Cloud
2. Syncing the Zero Sign-On configuration with Access

Creating a Zero Sign-On configuration in Cloud

In Cloud, create a Zero Sign-on configuration.

Before you begin 

Ensure that you have configured Zero Sign-on in Access.

Procedure 

1. In Cloud, go to Configurations > + Add > Saas Sign-On.
2. In the Name field, enter a name for the configuration.
3. (Optional) Expand + Add Description, to add a description for the configuration.
4. For SCEP Identity, select the identity certificate you created for Tunnel.
   The Tunnel certificate is the same certificate you used to set up mobile app single sign-on in Access.
5. Turn on the Enable FIDOtoggle switch to enable FIDO 2 authentication.
6. Select a distribution option.
   The configuration is distributed to the devices in the selected option.
7. Click Done.

Related topics 

• For more information about configuring mobile app single sign-on (SSO):
  • For a federated pair, see Configuring Mobile App Single Sign-on (SSO).
  • For delegated IdP, see Configuring Access as the delegated IdP .

Syncing the Zero Sign-On configuration with Access

Sync with Access to pull the Zero Sign-on configuration from the UEM.

Procedure 

1. In Access, navigate to the UEM tab.
2. Select the Cloud UEM and click the Sync UEM icon.
3. Enter the UEM administrator credentials .
4. Enter the credentials and click Verify.
5. Click Done.
   The SaaS Sign-on configuration and Authenticate configuration is now synced with Access.