You copy the SAML signing certificate and the SAML service provider metadata from the service and edit the SAML assertion in the third-party identity provider to map VMware Identity Manager users.

1. In the VMware Identity Manager console Catalog tab, select Web Apps Settings > SAML Metadata.
   1. Copy the certificate information that is in the Signing Certificate section.
2. Make the SAML SP metadata available to the third-party identity provider instance.
   1. In the SAML Metadata section, click Service Provider (SP) metadata.
   2. Copy and save the displayed information using the method that best suits your organization.
      Use this copied information later when you configure the third-party identity provider.
3. Determine the user mapping from the third-party identity provider instance to VMware Identity Manager.
   When you configure the third-party identity provider, edit the SAML assertion in the third-party identity provider to map VMware Identity Manager users.

   NameID Format	User Mapping
   urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress	The NameID value in the SAML assertion is mapped to the email address attribute in VMware Identity Manager.
   urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified	The NameID value in the SAML assertion is mapped to the username attribute in VMware Identity Manager.