When applications that use SAML authentication are added, authentication and authorization data is exchanged between the application and VMware Identity Manager to verify that users can access the Web application.

About this task

When you successfully complete the application record for a Web application, an entry is created in your catalog that points indirectly to the Web application, and the Web application and the VMware Identity Manager service can use SAML to communicate with each other.

You can apply an access policy to control user access to the application. If you do not want to use the default access policy, create a new one. See VMware Identity Manager Administration Guide for information about managing access policies.

Procedure

  1. In the administration console, click the Catalog tab.
  2. Click Add Application > Web Application ...create a new one.
  3. Complete the information on the Details page, and click Next.

    Form Item | Description
    Name | Enter the name of the application.
    Description | (Optional) Add a description of the application.
    Icon | (Optional) To add an icon that displays in the user's Workspace ONE application page, click Choose File to upload an icon. PNG, JPG, and ICON file formats, up to 4 MB, are supported. Uploaded icons are resized to 80px X 80px. To prevent distortion, upload icons where the height and width are equal to each other and as close as possible to the 80px X 80px resize dimensions.

  4. Select the Authentication Profile, SAML 2.0 POST or SAML 1.1 POST. The SAML profiles enable single sign-on from VMware Identity Manager to the Web application. The SAML 1.1 POST profile is an older SAML authentication profile. For better security, use SAML 2.0.
  5. In the Configuration page, edit the application record's configuration details, and click Save.

    Some of the items on the form are prepopulated.

    When one of the SAML POST Profiles is selected on the Details page, the Configuration page includes the Configure Via section. Use the options in the Configure Via section to specify how the application metadata is retrieved. You can select retrieval by auto-discovery URL, meta-data XML, or manual configuration.

    Option | Action
    Auto-discovery (meta-data) URL | If the XML metadata is accessible on the Internet, provide the URL.
    Meta-data XML | If the XML metadata is not accessible on the Internet, but is available to you, paste the XML in the text box.
    Manual configuration | If the XML metadata is not available to you, complete the XML manual configuration items.

  6. Select the Entitlements, Licensing, and Provisioning tabs and customize the information as appropriate.

    Tab | Description
    Entitlements | Entitle users and groups to the application. You can configure entitlements while initially configuring the application or anytime in the future.
    Access Policies | Apply a Web application-specific access policy to control user access to the application.
    Licensing | Configure license tracking. Add license information for the application to track license usage in reports.
    Provisioning | Select a provisioning adapter, if applicable. Provisioning provides automatic application user management from a single location. Provisioning adapters allow the Web application to retrieve specific information from the VMware Identity Manager service as required. For example, to enable automatic user provisioning to Google Apps, user account information, such as the user name, first name, and last name must exist in the Google Apps database. An application might require other information, such as group-membership and authorization-role information. See Using Provisioning Adapters for more information.

  7. Click Save.
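
A pre-check for the Meta-data XML option in step 5, as an added example that is not part of the VMware documentation or product: it reviews an application's SAML 2.0 service provider metadata before you paste it into the text box. The function name, the sample metadata, and the app.example.test host are constructed for illustration; the namespace and binding URNs are the standard SAML 2.0 values.

```python
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
DS = "http://www.w3.org/2000/09/xmldsig#"
POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
SAML2 = "urn:oasis:names:tc:SAML:2.0:protocol"
NS = {"md": MD, "ds": DS}

def review_sp_metadata(xml_text):
    """Return a list of findings for SAML 2.0 service provider metadata."""
    # Metadata never needs a DTD; reject it rather than expand entities.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        return ["DTD or entity declaration present; refusing to parse"]
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    if root.tag != f"{{{MD}}}EntityDescriptor":
        return ["root element is not md:EntityDescriptor"]
    findings = []
    if not root.get("entityID"):
        findings.append("missing entityID")
    sp = root.find("md:SPSSODescriptor", NS)
    if sp is None:
        return findings + ["no SPSSODescriptor (not service provider metadata)"]
    if SAML2 not in sp.get("protocolSupportEnumeration", "").split():
        findings.append("SPSSODescriptor does not declare SAML 2.0 support")
    # The SAML 2.0 POST profile delivers the assertion to an HTTP-POST endpoint.
    acs = [a for a in sp.findall("md:AssertionConsumerService", NS)
           if a.get("Binding") == POST]
    if not acs:
        findings.append("no AssertionConsumerService with HTTP-POST binding")
    for a in acs:
        loc = a.get("Location", "")
        if not loc.lower().startswith("https://"):
            findings.append(f"ACS Location is not https: {loc!r}")
    cert = "md:KeyDescriptor/ds:KeyInfo/ds:X509Data/ds:X509Certificate"
    if sp.find(cert, NS) is None:
        findings.append("no X.509 certificate in KeyDescriptor")
    return findings

# Constructed sample metadata (certificate body is a placeholder).
GOOD = f"""<md:EntityDescriptor xmlns:md="{MD}" xmlns:ds="{DS}" entityID="https://app.example.test/sp">
 <md:SPSSODescriptor protocolSupportEnumeration="{SAML2}">
  <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
   <ds:X509Certificate>PLACEHOLDER</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
  <md:AssertionConsumerService index="0" Binding="{POST}" Location="https://app.example.test/saml/acs"/>
 </md:SPSSODescriptor></md:EntityDescriptor>"""
BAD = GOOD.replace("https://app.example.test/saml/acs", "http://app.example.test/saml/acs")

if __name__ == "__main__":
    print(review_sp_metadata(GOOD), review_sp_metadata(BAD))
```

An empty list means the metadata has the elements the SAML 2.0 POST profile relies on; it does not validate the certificate itself or any metadata signature.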