Security Assertion Markup Language (SAML) 2.0 authentication offers single sign-on support and federated authentication. AirWatch never receives any corporate credentials. If an organization has a SAML Identity Provider server, use SAML 2.0 integration.


  • Offers single sign-on capabilities.
  • Authenticates users with existing corporate credentials.
  • AirWatch never receives corporate credentials in plaintext.


  • Requires corporate SAML Identity Provider infrastructure.


  1. Device connects to AirWatch for enrollment. AirWatch server redirects the device to the client-specified identity provider.
  2. Device securely connects through HTTPS to the client-provided identity provider and the user enters credentials.
    • Credentials are encrypted during transport directly between the device and SAML endpoint.
  3. Credentials are validated against directory services.
  4. The identity provider returns a signed SAML response with the authenticated user name.
  5. The device returns to the AirWatch server and presents the signed SAML message. The user is authenticated.
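
The checks a service provider applies to the response presented in step 5, once its signature has been verified, are sketched below as an added example; this is not AirWatch code. The function name, URLs, IDs and sample response are constructed placeholders, and signature verification is assumed to be done beforehand by an XML-DSig library.

```python
# Added example: checks on the SAML response of steps 4-5, run AFTER the XML
# signature has been verified by a vetted XML-DSig library (assumed, not shown).
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"p": "urn:oasis:names:tc:SAML:2.0:protocol",
      "a": "urn:oasis:names:tc:SAML:2.0:assertion"}
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"

# Constructed sample; every URL, ID and user name is a placeholder.
SAMPLE = """<p:Response xmlns:p="urn:oasis:names:tc:SAML:2.0:protocol"
 xmlns:a="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r1" Version="2.0"
 InResponseTo="_req42" Destination="https://mdm.example.test/acs">
 <p:Status><p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></p:Status>
 <a:Assertion ID="_a1" Version="2.0">
  <a:Issuer>https://idp.example.test</a:Issuer>
  <a:Subject><a:NameID>jdoe</a:NameID></a:Subject>
  <a:Conditions NotBefore="2024-01-01T10:00:00Z" NotOnOrAfter="2024-01-01T10:05:00Z">
   <a:AudienceRestriction><a:Audience>https://mdm.example.test/sp</a:Audience></a:AudienceRestriction>
 </a:Conditions></a:Assertion>
</p:Response>"""

def _ts(value):
    return datetime.strptime(value or "", "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def _require(ok, message):
    if not ok:
        raise ValueError(message)

def authenticated_user(xml_text, issuer, audience, acs_url, request_id, now):
    """Return the asserted user name, or raise ValueError on any failed check."""
    resp = ET.fromstring(xml_text)
    _require(resp.get("Destination") == acs_url, "wrong destination")
    _require(resp.get("InResponseTo") == request_id, "unsolicited or replayed response")
    code = resp.find("p:Status/p:StatusCode", NS)
    _require(code is not None and code.get("Value") == SUCCESS, "IdP reported failure")
    assertions = resp.findall(".//a:Assertion", NS)
    _require(len(assertions) == 1, "expected exactly one assertion")  # wrapping signal
    a = assertions[0]
    _require(a.findtext("a:Issuer", "", NS).strip() == issuer, "unexpected issuer")
    cond = a.find("a:Conditions", NS)
    _require(cond is not None, "no Conditions element")
    _require(_ts(cond.get("NotBefore")) <= now < _ts(cond.get("NotOnOrAfter")),
             "assertion outside validity window")
    allowed = [(e.text or "").strip() for e in cond.findall("a:AudienceRestriction/a:Audience", NS)]
    _require(audience in allowed, "assertion issued for another service provider")
    user = a.findtext("a:Subject/a:NameID", "", NS).strip()
    _require(user != "", "no NameID")
    return user
```

A response that passes signature verification but fails any of these checks (wrong audience, expired window, unknown request ID, extra assertion) should be rejected and logged rather than used to enroll the device.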

For more information, see the VMware AirWatch SAML Integration Guide.