You copy the SAML signing certificate and the SAML service provider metadata from the service and edit the SAML assertion in the third-party identity provider to map VMware Identity Manager users.

Procedure

  1. In the administration console Catalog tab, select Settings > SAML Metadata.
    1. Copy the certificate information that is in the Signing Certificate section.
  2. Make the SAML SP metadata available to the third-party identity provider instance.
    1. On the Download SAML Certificate page, click Service Provider (SP) metadata.
    2. Copy and save the displayed information using the method that best suits your organization.

      Use this copied information later when you configure the third-party identity provider.

  3. Determine the user mapping from the third-party identity provider instance to VMware Identity Manager.

    When you configure the third-party identity provider, edit the SAML assertion in the third-party identity provider to map VMware Identity Manager users.

    | NameID Format | User Mapping |
    | --- | --- |
    | urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress | The NameID value in the SAML assertion is mapped to the email address attribute in VMware Identity Manager. |
    | urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified | The NameID value in the SAML assertion is mapped to the username attribute in VMware Identity Manager. |
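To confirm the mapping in step 3 before going live, you can inspect a test assertion from the identity provider and see which VMware Identity Manager attribute its NameID would be matched against. The following Python sketch is an added example, not VMware code; it does not verify signatures and is meant only for checking the NameID configuration. The function names, the issuer `https://idp.example.com`, and the user `jdoe` are constructed for illustration, and treating a missing `Format` attribute as unspecified follows the SAML core rule, so whether the service applies that default is an assumption.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
EMAIL = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
UNSPECIFIED = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
# NameID Format -> VMware Identity Manager attribute, from the table above.
MAPPING = {EMAIL: "email address", UNSPECIFIED: "username"}


def check_nameid(assertion_xml):
    """Report which attribute the assertion's NameID maps to, plus problems."""
    root = ET.fromstring(assertion_xml)
    node = root.find(".//saml:Subject/saml:NameID", NS)
    value = (node.text or "").strip() if node is not None else ""
    if not value:
        raise ValueError("assertion carries no NameID value to map")
    # SAML core: a NameID with no Format attribute is treated as unspecified.
    fmt = node.get("Format", UNSPECIFIED)
    problems = []
    if fmt not in MAPPING:
        problems.append("NameID Format is not one of the two formats in the table")
    elif fmt == EMAIL and "@" not in value:
        problems.append("emailAddress format, but the value is not an email address")
    return {"format": fmt, "value": value,
            "maps_to": MAPPING.get(fmt), "problems": problems}


def sample_assertion(nameid_attrs, value):
    """Constructed, unsigned test assertion (hypothetical issuer and user)."""
    return (
        '<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" '
        'ID="_constructed" Version="2.0" IssueInstant="2024-01-01T00:00:00Z">'
        "<saml:Issuer>https://idp.example.com</saml:Issuer>"
        f"<saml:Subject><saml:NameID{nameid_attrs}>{value}</saml:NameID>"
        "</saml:Subject></saml:Assertion>"
    )


if __name__ == "__main__":
    cases = [
        (f' Format="{EMAIL}"', "jdoe@example.com"),
        (f' Format="{UNSPECIFIED}"', "jdoe"),
        ("", "jdoe"),  # no Format attribute
        (' Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"', "a1b2c3"),
        (f' Format="{EMAIL}"', "jdoe"),  # format and value disagree
    ]
    for attrs, value in cases:
        print(check_nameid(sample_assertion(attrs, value)))
```

A non-empty `problems` list points to a NameID setting in the third-party identity provider that does not match either row of the table.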

What to do next

Apply the information you copied for this task to configure the third-party identity provider instance.