You copy the SAML signing certificate and the SAML service provider metadata from the service and edit the SAML assertion in the third-party identity provider to map Workspace ONE Access users.

Procedure

  1. In the console Catalog tab, select Web Apps Settings > SAML Metadata.
    1. Copy the certificate information that is in the Signing Certificate section.
  2. Make the SAML SP metadata available to the third-party identity provider instance.
    1. In the SAML Metadata section, click Service Provider (SP) metadata.
    2. Copy and save the displayed information using the method that best suits your organization.
      Use this copied information later when you configure the third-party identity provider.
  3. Determine the user mapping from the third-party identity provider instance to Workspace ONE Access.
    When you configure the third-party identity provider, edit the SAML assertion in the third-party identity provider to map Workspace ONE Access users.
    | NameID Format | User Mapping |
    | --- | --- |
    | urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress | The NameID value in the SAML assertion is mapped to the email address attribute in Workspace ONE Access. |
    | urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified | The NameID value in the SAML assertion is mapped to the username attribute in Workspace ONE Access. |
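
The following pre-flight check is an added example, not part of the product or its documentation: it reads the Subject NameID from a test assertion issued by the third-party identity provider and reports which Workspace ONE Access attribute the table above maps it to. The function names `check_nameid` and `sample` are hypothetical, the sample assertions are constructed, and the script does not validate the assertion signature.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# From the mapping table above: NameID Format -> Workspace ONE Access attribute.
# The right-hand values are descriptive labels, not product identifiers.
NAMEID_MAP = {
    "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress": "email address",
    "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified": "username",
}

def check_nameid(assertion_xml):
    """Return (mapped_attribute, nameid_value, problems) for one assertion."""
    # A test assertion needs no DTD; refuse one rather than let the parser expand entities.
    if "<!DOCTYPE" in assertion_xml or "<!ENTITY" in assertion_xml:
        return None, None, ["DTD or entity declaration present"]
    root = ET.fromstring(assertion_xml)
    nameids = root.findall(".//saml:Subject/saml:NameID", NS)
    if len(nameids) != 1:
        return None, None, [f"expected exactly one Subject NameID, found {len(nameids)}"]
    fmt = nameids[0].get("Format")
    value = (nameids[0].text or "").strip()
    attribute = NAMEID_MAP.get(fmt)
    problems = []
    if attribute is None:
        problems.append(f"NameID Format {fmt!r} is not in the mapping table")
    if not value:
        problems.append("NameID value is empty")
    elif attribute == "email address" and value.count("@") != 1:
        # Loose sanity check (an assumption of this example), not full address validation.
        problems.append("emailAddress format but value does not look like an email address")
    return attribute, value, problems

def sample(fmt, value):
    """Build a constructed, unsigned assertion fragment for testing the check."""
    return (f'<saml:Assertion xmlns:saml="{NS["saml"]}"><saml:Subject>'
            f'<saml:NameID Format="{fmt}">{value}</saml:NameID>'
            f'</saml:Subject></saml:Assertion>')

if __name__ == "__main__":
    cases = [  # constructed sample data
        ("urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", "jdoe@example.com"),
        ("urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", "jdoe"),
        ("urn:oasis:names:tc:SAML:2.0:nameid-format:persistent", "abc123"),
    ]
    for fmt, value in cases:
        attribute, nameid, problems = check_nameid(sample(fmt, value))
        print(f"{nameid!r} -> {attribute or 'no mapping'}; problems: {problems or 'none'}")
```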

What to do next

Apply the information you copied for this task to configure the third-party identity provider instance.