You can add Web applications to your catalog by either selecting them from the cloud application catalog or creating new ones.

The cloud application catalog contains commonly-used enterprise Web applications. These applications are partially configured and you must provide additional information to complete the application record. You might also need to work with your Web application account representatives to complete other required setup.

Many of the applications in the cloud application catalog use SAML 2.0 or 1.1 to exchange authentication and authorization data to enable single sign-on from Workspace ONE to the Web application.

When you create a new application, you need to enter all the configuration information for the application. The configuration varies based on the type of application you are adding. For applications with no federation protocol, you only require a Target URL.

Applications from any third-party identity providers that you have configured as application sources in VMware Identity Manager are added as new applications.

While adding an application, you also select an access policy to control user access to the application. A default access policy is available and you can also create new ones from the Identity & Access Management > Manage > Policies page. See VMware Identity Manager Administration for information about access policies.

Prerequisites

  • Obtain the configuration information for the application.
  • Create an access policy if you do not want to use the default access policy. You can create access policies from the Identity & Access Management > Manage > Policies page.
  • Create categories if you want to group applications into categories. A predefined Recommended category is available. You can create categories from the Catalog > Web Apps page by clicking Categories and typing the category name in the text box.
  • Create user groups, if required. You can create groups from the Users & Groups > Groups tab.

Procedure

  1. In the VMware Identity Manager console, select the Catalog > Web Apps tab.
  2. Click New.
    The New SaaS Application wizard appears.
  3. On the Definition page, select an application from the cloud application catalog or create a new one.
    • To select an application from the cloud application catalog, either type its name in the search box or click "or browse from catalog" and select it from the list of applications.

      The fields on the Definition and Configuration pages are partially populated.

    • To create a new application, enter its name in the Name field.
    Important: To add Office 365 applications, select them from the cloud application catalog.
  4. Complete the remaining fields on the Definition page.
    Option Description
    Name Enter a unique name for the application.
    Description (Optional) Enter a description of the application.
    Icon (Optional) Upload an icon for the application. Icons in PNG, JPG, and ICON file formats, up to 4MB, are supported.

    The icon must be a minimum of 180 x 180 pixels. If the icon is too small, it does not display. In that case, the Workspace ONE icon is displayed.

    Category (Optional) To add the application to a category, select it from the drop-down menu. Categories must already be created.

    A predefined Recommended category is available. Select it if you want the application to appear in the Recommended page in Workspace ONE. If you want the app to appear in the users' Bookmarks page , select the Recommended category and in the Catalog > Settings > User Portal Configuration page, select Show recommended apps in Bookmarks tab.

  5. Click Next.
  6. On the Configuration page, enter the application configuration details.

    For applications that are added from the cloud application catalog, some fields are pre-populated with information specific to each Web application. Some of the pre-populated items are editable, while others are not. The information required varies from application to application.

    For applications that are being added as new applications, the fields vary based on the authentication type you select.

    For information about specific fields, click the information icon next to the field.

    Option Description
    Single Sign-On Authentication Type

    For applications that are added from the cloud application catalog, the authentication type is preselected. For new applications, select the authentication type if applicable. If the application does not use a federation protocol, select Web Application Link.

    The following options are available:

    • SAML 2.0

      If the Web application supports SAML 2.0, an XML-based standard for the secure exchange of authentication and authorization information, select this option to enable single sign-on from Workspace ONE to the application.

    • SAML 1.1

      If the Web application supports SAML 1.1, select this option to enable single sign-on from Workspace ONE to the application.

    • WSFed 1.2 (Supported for Office 365 only)

      Do not select the WSFed 1.2 option while creating a new Web application.

      The WS-Federation 1.2 authentication type is only supported for Office 365 applications. To add Office 365 applications, select them from the cloud application catalog. The authentication type will be preselected.

    • OpenID Connect

      If the application supports OpenID Connect, an authentication protocol based on the OAuth 2.0 protocol, select this option to enable single sign-on from Workspace ONE to the application.

    • Any third-party identity providers configured as application sources in VMware Identity Manager, for example, Okta.

      Select this option to add an application from an application source. Application sources appear in the list only if they are already configured in the Web Apps Settings page. When you select an application source, you only need to enter the target URL of the application as the rest of the configuration is already completed in the application source.

    • Web Application Link

      Select this option if the application does not use a federation protocol. You only need to enter the target URL of the application.

    Configuration

    The fields that appear vary based on the selected authentication type. Click the information icon for a description of each field.

    If you selected an application source or Web Application Link, you only need to enter the target URL of the application.

    Application Parameters

    For applications added from the cloud application catalog, parameters may be listed. If a parameter is listed and does not have a default value, enter a value to allow the application to launch. If a default value is provided, you can edit the value.

    For new applications, add the required parameters.

    Note: This section does not appear when OpenID Connect, an application source, or Web Application Link is selected as the authentication type.
    Advanced Properties

    Advanced properties include options to sign and encrypt SAML assertions and responses, and an option to enable authentication failure notification to send a SAML response to the service provider when authentication fails. The properties you can configure vary based on the selected authentication type. Click the information icon for a description of each field.

    Note: This section does not appear when OpenID Connect, an application source, or Web Application Link is selected as the authentication type.
    Open in VMware Browser Select this option if you want the Workspace ONE app to open the application in the VMware Browser, which provides a secure alternative to the native Web browser.
  7. Click Next.
  8. On the Access Policies page, select the access policy to manage user access to the application.
    The default_access_policy_set is selected by default.
  9. On the Summary page, review your selections and click Save, or click Save & Assign to assign the application to users and groups.
    If you do not assign the application to any users and groups at this time, you can do so later by selecting the application in the Catalog > Web Apps page and clicking Assign.
  10. If you clicked Save & Assign, assign the application to users and groups.
    1. Add users and groups by typing the name in the search box and selecting from the results.
    2. Select the deployment type for each user and group.
      Regardless of whether you select User Activated or Automatic, the application appears in the Catalog page in Workspace ONE. Users can run the application from the Catalog page or bookmark it and run it from the Bookmarks page. If you plan to set up an approval flow for the application, select User Activated.
    3. Click Save.

Results

The application is added to the catalog and appears in the list of applications in the Catalog > Web Apps tab.