To configure AD FS as a service provider for VMware Workspace ONE Access, you add AD FS as an application source. The AD FS application source enables VMware Workspace ONE Access to respond to authentication requests from the AD FS server.

Prerequisites

Download the federation metadata file for the AD FS server by navigating to the URL https://{ADFSdomain}/FederationMetadata/2007-06/FederationMetadata.xml, where {ADFSdomain} is replaced with the fully qualified domain name (FQDN) of your AD FS server.

Procedure

  1. Log in to the VMware Workspace ONE Access console with full administrator privileges.
  2. Select the Catalog > Web Apps tab.


  3. Click Settings.
  4. In the left pane, click Application Sources.
  5. On the Application Sources page, click ADFS.


  6. On the Definition page of the ADFS Application Source wizard, click Next.
  7. On the Configuration page, perform the following steps.
    1. For Configuration, select URL/XML.
    2. In the URL/XML text box, copy and paste the contents of the federation metadata file that you downloaded previously from the AD FS server.


  8. Click Next.
  9. On the Access Policies page, select the access policy that you want to use for the AD FS application source.
    For more information about access policies, see the Managing Workspace ONE Access User Authentication Methods guide.
  10. Click Next, review your selections, and click Save.
    Saving the setup at this stage allows VMware Workspace ONE Access to import configuration settings from the AD FS metadata.
  11. On the Application Sources page, click ADFS again. Then click Next.
    Some settings on the Configuration page now contain values imported from the AD FS metadata.


  12. On the Configuration page, modify the following settings. Accept the default values for all other settings.
    1. For Username Format, select Unspecified.
    2. For Username Value, enter ${user.domain}\${user.userName}. This value ensures that VMware Workspace ONE Access sends the user name value in the WindowsAccountName domain\user format required by AD FS.
  13. Expand the Advanced Properties section and configure the following settings.
    1. Set Include Assertion Signature to Yes.
    2. For Signature Algorithm, select SHA256 with RSA.
  14. Click Next, and click Next again to advance to the Summary page. Then click Save.
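
The following check is an added example, not part of the VMware documentation. It parses the downloaded federation metadata before it is pasted into the URL/XML text box (step 7) and reports the entity ID, the assertion consumer endpoints, and whether the metadata requests signed assertions, which corresponds to Include Assertion Signature in step 13. The sample XML, the host adfs.example.com, and the function name review_sp_metadata are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample standing in for FederationMetadata.xml; adfs.example.com is a placeholder.
SAMPLE_METADATA = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="http://adfs.example.com/adfs/services/trust">
  <SPSSODescriptor WantAssertionsSigned="true"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing">
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
        <X509Data><X509Certificate>PLACEHOLDER</X509Certificate></X509Data>
      </KeyInfo>
    </KeyDescriptor>
    <AssertionConsumerService index="0" isDefault="true"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://adfs.example.com/adfs/ls/"/>
  </SPSSODescriptor>
</EntityDescriptor>"""


def review_sp_metadata(xml_text, expected_host):
    """Summarize the service-provider part of the metadata and list anything to resolve."""
    root = ET.fromstring(xml_text)
    summary = {"entity_id": root.get("entityID"), "acs": [], "issues": []}
    sp = root.find("md:SPSSODescriptor", NS)
    if sp is None:
        summary["issues"].append("no SPSSODescriptor: not service-provider metadata")
        return summary
    summary["want_assertions_signed"] = sp.get("WantAssertionsSigned") == "true"
    summary["signing_certs"] = len(sp.findall(
        "md:KeyDescriptor[@use='signing']/ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS))
    for acs in sp.findall("md:AssertionConsumerService", NS):
        binding, location = acs.get("Binding", ""), acs.get("Location", "")
        summary["acs"].append((binding.rsplit(":", 1)[-1], location))
        # Assertions are delivered to this URL, so it must be HTTPS on the expected AD FS host.
        if not location.lower().startswith(f"https://{expected_host.lower()}/"):
            summary["issues"].append(f"unexpected ACS location: {location}")
    if not summary["acs"]:
        summary["issues"].append("no AssertionConsumerService endpoint")
    return summary


if __name__ == "__main__":
    print(review_sp_metadata(SAMPLE_METADATA, "adfs.example.com"))
```

An empty issues list means every assertion consumer endpoint in the file is an HTTPS URL on the AD FS host you expect; resolve any reported issue before saving the application source.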

What to do next

Assign the AD FS Application Source to All Users