The Unified Access Gateway service provider metadata file that you downloaded must be uploaded to the Web application configuration page in the Workspace ONE Access service.

The SSL certificate used must be the same certificate used across multiple load-balanced Unified Access Gateway servers.


You must have saved the Unified Access Gateway Service Provider Metadata file to the computer.


  1. Log in to the Workspace ONE Access admin console.
  2. In the Catalog tab, click Add Application and select create a new one.
  3. In the Application Details page, enter an end-user friendly name in the Name text box.
  4. Select the SAML 2.0 POST authentication profile.
    You can also add a description of this application and an icon to display to end users in the Workspace ONE portal.
  5. Click Next and in the Application Configuration page, scroll down to the Configure Via section.
  6. Select the Meta-data XML radio button and paste the Unified Access Gateway service provider metadata text into the Meta-data XML text box.
  7. (Optional) In the Attribute Mapping section, map the following attribute names to the user profile values. The FORMAT field value is Basic. The attribute names must be entered in lower case.
    Name Configured Value
    upn userPrincipalName
    userid Active Directory user ID
  8. Click Save.

What to do next

Entitle users and groups to this application.

Note: Unified Access Gateway supports only single domain users. If the identity provider is set up with multiple domains, the application can be entitled only to users in a single domain.