You can add Web applications to your catalog that are not listed in the cloud application catalog. You create an application record when you add the Web application.

When you create an application record for a Web application that you add to your catalog, you select the authentication profile to use to authenticate users when they access the application.

Many applications use Security Assertion Markup Language (SAML) to exchange authentication and authorization data to verify that users can access a Web application.

Web applications that cannot use federation for authentication can be configured with either the HTTP Basic or HTML Form authentication profile. This type of authentication profile provides a single sign-on experience for users, but the security benefits inherent to a federation protocol, such as user deprovisioning, are not included. The following authentication profiles are supported in VMware Identity Manager.

  • SAML 2.0 POST Profile. The SAML 2.0 authentication profile enables single sign-on from VMware Identity Manager to the Web application.

  • SAML 1.1 POST Profile. SAML 1.1 is an older SAML authentication profile. For better security, implement SAML 2.0.

  • WSFed 1.2 POST Profile. When a Web application supports WS-Federation authentication, select this authentication type to provide single sign-on to that application.

  • HTTP Basic authentication uses the user name and password to authenticate the user against a Web application. The login request is managed by the browser. When users log in to the Web application the first time, they are asked for their user name and password. The Workspace ONE browser extension collects the credentials and securely stores them in VMware Identity Manager for replay on subsequent login attempts. Users reenter credentials only when the credentials are changed.

  • HTML Form authentication can be configured for Web applications that use an HTML login page. You configure VMware Identity Manager to recognize the user name and password login fields. The Workspace ONE browser extension collects the credentials and securely stores them in VMware Identity Manager for replay on subsequent login attempts. Users reenter credentials only when the credentials are changed.

You can also select No Authentication. VMware Identity Manager does not manage the authentication.

Workspace ONE Extension

To have the single sign-on experience with Web applications that use HTTP Basic and HTML Form authentication, the Workspace ONE extension must be installed in the browser. The extension enables a secure, single sign-on experience on desktop Web browsers.

The Workspace ONE browser extension must be added to the users' browsers to benefit from a single sign-on experience for HTTP Basic and HTML Form applications. The admin configures a profile to understand custom third-party Web applications. The extension downloads this profile. This extension records and replays user credentials. The extension supports user names, passwords, and other generic text fields.

When users are entitled to an application that uses HTTP Basic or HTML Form authentication profiles, they are asked to install the Workspace ONE browser extension from the Workspace ONE Web portal. A banner at the bottom of the portal prompts users to install the extension. If users decline to install the extension, another prompt displays when users try to access an application in their portal that can take advantage of the extension.

If the Workspace ONE extension is not installed, users must enter their credentials to access the application.