Configure the application source in the Catalog > Settings page to integrate third-party applications with the Workspace ONE catalog. After the application source is configured, you can add applications from the source to the Workspace ONE catalog.

The common configuration settings are set at the application source level. Applications from the application source that you add to the Workspace ONE catalog use these configuration settings. Configuring the application source once makes it easy to add multiple applications to the catalog.


  1. Log in to the VMware Identity Manager console.
  2. Click the Catalog > Web Apps tab and click Settings.
  3. Select Application Sources.
  4. Select the type of application source to configure.
  5. Enter a descriptive name for the application source and click Next.
  6. Modify the application source configuration.
    Option Description
    URL/XML Select URL/XML to use auto-discovery URL or meta-data XML or Manual
    • Auto-discovery (meta-data) URL. If the XML metadata is accessible on the Internet, provide the URL.
    • Meta-data XML. If the XML metadata is not accessible on the Internet, but is available to you, paste the Meta-data XML in the text box.
    • Manual configuration. If the XML metadata is not available to you, manually configure the XML in the text boxes that are displayed.
    Relay State URL Enter a custom landing page that users are sent to by Workspace ONE after authenticating to the single sign-on URL.
      Advanced Configuration Options
    Sign Response Enabled. The entire response is signed.
    Sign Assertion Enable to sign the assertion.
    Encrypt Assertion If enabled, the SAML assertion is encrypted. For encryption to work, the ability to read encrypted SAML assertions must be supported.
    Include Assertion Signature Enable to include the Workspace ONE signing certificate inside the SAML response. Your application service provider might require this the signing certificate included with the SAML response.
    Signature Algorithm Select SHA256 with RSA as the secure encrypted hash algorithm to use for the signature.
    Digest Algorithm Select SHA256.
    Application Login URL Enter the application service provider's login page URL to trigger a service provider initiated log in to Workspace ONE. Some application service providers do not support single sign-on assertions sent directly from Workspace ONE and instead require that the login process start at their own login page.
    Proxy Count Set the proxy count to limit the number of proxy layers between the service provider and the authenticating identity provider.
    API Access Allow API access to this application.
  7. Click Next.
  8. Select the access policy. Either verify that the default access policy meets the requirements for this application or select another access policy from the drop-down menu.


The application source is configured.

What to do next

Add the associated applications to the Catalog.