You can use these items to troubleshoot your problems.

  • Verify that the time is synchronized across all components.
    • Use NTP.
    • Compare the timestamp on any Workspace ONE Access errors with the current time on the AD FS servers.
  • Log in to the AD FS Server and check the AD FS logs in the Event Viewer/Application and Services Logs/AD FS/.
  • Verify if you can access https://<ADFSserver>/ADFS/ls/IdpInitiatedSignOn.aspx. If you do not, then log in to AD FS Server and run the following in PowerShell as an administrator: 
    • Set-AdfsProperties - EnableIdPInitiatedSignonPage $true
    • Verify by running Get-AdfsProperties and check if the value has been changed to True.
  • Verify that the AD FS service account has Read permissions to the AD FS certificate in use.