This optional topic explains how to configure VMware Workspace ONE Access as the default claims provider for an AD FS-federated application.

Note: Do not perform the following procedure if you want to implement the Mobile Device Management use case. Instead, perform the procedure described in Redirect Mobile Users to VMware Workspace ONE Access for Authentication.

Procedure

  1. On the AD FS server, open a PowerShell session with elevated administrator rights.
  2. Run the following cmdlet.
    Set-ADFSRelyingPartyTrust -TargetName "{RP_app}" -ClaimsProviderName "{VMWARE IDENTITY MANAGER CLAIMS PROVIDER}"
    Replace the placeholders in the cmdlet as follows.
    • Replace {RP_app} with the name of the relying party trust corresponding to the target application.
    • Replace {VMWARE IDENTITY MANAGER CLAIMS PROVIDER} with the name of the claims provider trust that you configured for VMware Workspace ONE Access.
    Use the names of the relying party trust and claims provider trust as they appear in the AD FS Management console.
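
The following script wraps the cmdlet from step 2 in a pre-check and a post-check. It is an added example, not part of the original VMware procedure. It uses the same placeholders as the procedure and assumes the AD FS PowerShell module on the AD FS server; the variable names are illustrative.

```powershell
# Added example: run in the elevated PowerShell session from step 1.
# Placeholders are the same ones used in the procedure; replace both.
$rpName = '{RP_app}'
$cpName = '{VMWARE IDENTITY MANAGER CLAIMS PROVIDER}'

$ErrorActionPreference = 'Stop'

# Confirm both trusts exist under exactly these names before changing anything.
$rp = Get-AdfsRelyingPartyTrust -Name $rpName
if (-not $rp) { throw "Relying party trust '$rpName' not found." }

$cp = Get-AdfsClaimsProviderTrust -Name $cpName
if (-not $cp) { throw "Claims provider trust '$cpName' not found." }

# A disabled claims provider trust as the sole provider would leave users
# of this application with no usable sign-in path.
if (-not $cp.Enabled) { throw "Claims provider trust '$cpName' is disabled." }

# Record the current value so the change can be documented and reverted.
$previous = @($rp.ClaimsProviderName | Where-Object { $_ })
if ($previous.Count -gt 0) {
    Write-Output ("Previous ClaimsProviderName: " + ($previous -join ', '))
} else {
    Write-Output "Previous ClaimsProviderName: (none set)"
}

# The change from step 2.
Set-AdfsRelyingPartyTrust -TargetName $rpName -ClaimsProviderName $cpName

# Read the trust back and confirm that the intended claims provider
# is now the only one listed.
$after = @((Get-AdfsRelyingPartyTrust -Name $rpName).ClaimsProviderName |
    Where-Object { $_ })
if ($after.Count -ne 1 -or $after[0] -ne $cpName) {
    throw ("Unexpected ClaimsProviderName after change: " + ($after -join ', '))
}
Write-Output "'$rpName' now uses '$cpName' as its only claims provider."
```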

Results

Since VMware Workspace ONE Access is the sole claims provider specified in the cmdlet, all authentication requests for the designated relying party trust are redirected to VMware Workspace ONE Access. This configuration eliminates the user’s choice to authenticate with the AD FS authentication policies.

What to do next

For information about more customization options on the AD FS sign-in page, see the following link: https://technet.microsoft.com/en-us/library/dn280950.aspx