In this step, you set up federation with your OpenID Connect (OIDC) based corporate identity provider and configure the IdP settings on the Workspace ONE Access tenant created for your enterprise to use SCIM-based user and group provisioning.
Depending on the IdP you select for your federation setup, one or more Provisioning Type options are displayed:
- SCIM-based
Note: This option is currently available for Azure Active Directory. To configure SCIM-based provisioning for your enterprise federation setup, you must also configure your third-party IdP using the settings from the Set up identity provider for SCIM provisioning step of the workflow.
- JIT-based
For this example, ACME enterprise is using Azure Active Directory with SCIM-based provisioning. As the Enterprise Administrator setting up federation for ACME, you configure Azure Active Directory.
Note: Currently, Azure Active Directory and AWS Cognito are the only OIDC-based identity provider options for self-service federation with VMware Cloud Services.
Prerequisites
In this step, you must set the user identification preference: how users of your enterprise identify themselves when accessing VMware Cloud Services from the Cloud Services discovery page. The available options are Email, User Principal Name (UPN), and User@Domain. If you are considering User@Domain as the user identification preference for your enterprise, you must be aware of the following restriction.
Restriction: Once the identity provider is configured with the User@Domain identification preference, you cannot go back to Step 1: Verify Domains and add more domains during the setup. You must add all domains that you want to federate before you start this step of the self-service federation flow. If you want to add another domain after this step is completed, you must file a support ticket.
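As an added illustration, not VMware's own code, the following Python models how the identification preference selects the user identifier from the OIDC ID-token claims, how a user is only federated when the domain part was verified in Step 1, and which domains still have to be verified before committing to User@Domain. The claim names (email, upn, preferred_username) and the sample domain list are assumptions, not values from the page.

```python
# Illustrative model of the user identification preference and the Step 1
# domain restriction. Claim names and domains below are constructed assumptions.

VERIFIED_DOMAINS = {"acme.com", "acme-labs.com"}  # constructed: verified in Step 1

# Which ID-token claim supplies the identifier for each preference (assumed names)
CLAIM_FOR_PREFERENCE = {
    "Email": "email",
    "UPN": "upn",
    "User@Domain": "preferred_username",
}


def user_identifier(claims: dict, preference: str) -> str:
    """Return the normalised value that identifies the user for the preference.

    Raises KeyError if the IdP did not send the claim the preference needs and
    ValueError if the claim is not in user@domain form.
    """
    claim = CLAIM_FOR_PREFERENCE[preference]
    value = claims[claim]
    if "@" not in value:
        raise ValueError(f"claim {claim!r} is not in user@domain form: {value!r}")
    return value.strip().lower()


def domain_of(identifier: str) -> str:
    """Domain part of a user@domain identifier, or '' if there is none."""
    return identifier.rsplit("@", 1)[1] if "@" in identifier else ""


def is_federated(identifier: str, verified_domains=VERIFIED_DOMAINS) -> bool:
    """A user is federated only if the domain part was verified in Step 1."""
    return domain_of(identifier) in verified_domains


def domains_to_verify_first(planned_domains, verified_domains=VERIFIED_DOMAINS) -> set:
    """Domains that must be added in Step 1 before choosing User@Domain,
    since Step 1 cannot be revisited afterwards without a support ticket."""
    return {d.lower() for d in planned_domains} - set(verified_domains)
```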
Procedure
Results
In this step, you added your identity provider to the Workspace ONE Access tenant configuration, configured the Workspace ONE Access tenant as a service provider on your IdP, selected the value to be used for identifying the user in the OIDC response, and specified the authentication method to be used to authenticate the user on the identity provider.
What to do next
Validate the login to your IdP and activate federation.