Configure Workspace ONE Access to use your AD FS server as an identity provider.

Procedure

  1. Log in to Workspace ONE Access with the tenant admin user name and password.
  2. On the Identity & Access Management tab, click Identity Providers.
  3. Click Add Identity Provider and select Create Third Party IDP.
  4. Enter a name. In the SAML Metadata text box, paste the contents of the FederationMetadata.xml file that you downloaded from your AD FS server (see Add Workspace ONE Access as a Relying Party for AD FS from the AD FS UI), and click Process IDP Metadata.
  5. In the SAML AuthN Request binding drop-down menu, select HTTP Post.
    The Name ID format mapping for SAML response table below the text box is populated with the emails, id, and userName Name IDs.
    1. urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
    2. urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
    3. urn:oasis:names:tc:SAML:2.0:nameid-format:transient
  6. From the Name ID policy in SAML Request (Optional) drop-down menu, select urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress.
  7. Enable Just-In-Time User Provisioning.
    1. In the Just-In-Time User Provisioning section, select the Enable check box.
    2. In the Directory Name text box, enter the full Active Directory name.
    3. In the Domains text box, enter the full Active Directory name.
  8. In the Network section, select the ALL RANGES check box.
  9. Configure an authentication method.
    Authentication Method: Password Authentication
    Steps:
    1. In the Authentication Methods text box, type a name for an authentication method.
    2. In the SAML Context drop-down menu, select urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport.
    Authentication Method: PIV Authentication
    Steps:
    1. In the Authentication Methods text box, type a name for an authentication method.
    2. In the SAML Context drop-down menu, select urn:oasis:names:tc:SAML:2.0:ac:classes:X509.
  10. In the Single Sign-Out Configuration section, select Enabled.
  11. Save the IDP configuration.

Example: IDP Configuration

A screenshot of the IDP settings