Workspace One Access – Reverting Access Policy Changes When You Are Locked Out


This is a very quick how-to with regards to re-gaining access to Workspace One Access following a miss-configuration of the default access policy. This is much more common than you would think!

It’s Easy When You Know How

In older versions of vRA (7.x) it was quite common to make an access policy change only to find that there was a miss-configuration in the policy and then suddenly you (the admin) was unable to get back into vRA to revert the change. At the same time none of your users would also be able to get into vRA resulting in a lot of shouting and fist waving. To fix this issue meant issuing a series of REST API calls to the vRA appliance to get an oauth token and then reset the default access policy back to its default values.

Now with vRA 8.x we have a situation where the same type of issue could occur but the product components are now separated out along with obvious product version changes meaning that we now have a completely different (and much simpler) procedure to help fix the issue.

Rather than issuing a policy change back to default we can force the login process to use local password access by using the following URL format.


This will enable you to login as a local admin only to the system domain and therefore gain access to the access policies and revert any changes you have made.

As you can see from the above image, you are forced to login to the System Domain no matter how many other authentication sources you have defined.

Once you have made your changes and saved the policy then all should be returned to normal.