When setting up an end-to-end integration to cover all main use cases, you must specify Active Directory as the sole claims provider for the VMware Workspace ONE Access relying party trust. This claims provider configuration is required to prevent an authentication loop from occurring between AD FS and VMware Workspace ONE Access.

Use the following procedure to specify Active Directory as the sole claims provider for the VMware Workspace ONE Access relying party trust. After you complete the configuration, authentication requests will follow this flow:

  1. End user attempts to access the Workspace ONE portal.
  2. VMware Workspace ONE Access redirects the authentication request to AD FS as the federated identity provider.
  3. AD FS refers to the VMware Workspace ONE Access relying party trust.
  4. Since Active Directory is the sole claims provider specified for the relying party trust, the flow concludes with AD FS as the final authentication authority.

For more information about setting up an end-to-end integration, see Main Use Cases.

Procedure

  1. On the AD FS server, open a PowerShell session with elevated administrator rights.
  2. Run the following cmdlet.
    Set-ADFSRelyingPartyTrust -TargetName "{VMWARE IDENTITY MANAGER RELYING PARTY}" -ClaimsProviderName "Active Directory"
    Replace {VMWARE IDENTITY MANAGER RELYING PARTY} with the name of the relying party trust that you configured for VMware Workspace ONE Access. Use the name as it appears in the AD FS Management console.
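The following script is an added example, not part of the VMware documentation: it reads the claims providers currently assigned to the relying party trust, applies the setting only if Active Directory is not already the sole provider, and then verifies the result. It assumes the AD FS PowerShell module is available on the AD FS server and that the placeholder trust name is replaced with the real one.

```powershell
# Added example (not VMware's own procedure): restrict the Workspace ONE Access
# relying party trust to the Active Directory claims provider and verify it.
# Assumes the AD FS module is loaded, as it is on an AD FS server.
$rpName = "{VMWARE IDENTITY MANAGER RELYING PARTY}"   # placeholder: use the name shown in AD FS Management

$rp = Get-AdfsRelyingPartyTrust -Name $rpName
if (-not $rp) {
    throw "Relying party trust '$rpName' not found; check the name in the AD FS Management console."
}

# Filter out $null so an unset list counts as zero providers, not one.
$before = @($rp.ClaimsProviderName | Where-Object { $_ })
Write-Host "Claims providers before: $(if ($before) { $before -join ', ' } else { '(none set)' })"

# Apply only when the trust is not already limited to Active Directory alone.
if ($before.Count -ne 1 -or $before[0] -ne "Active Directory") {
    Set-AdfsRelyingPartyTrust -TargetName $rpName -ClaimsProviderName "Active Directory"
}

# Verify: exactly one claims provider, and it is Active Directory.
$after = @((Get-AdfsRelyingPartyTrust -Name $rpName).ClaimsProviderName | Where-Object { $_ })
if ($after.Count -eq 1 -and $after[0] -eq "Active Directory") {
    Write-Host "OK: '$rpName' uses Active Directory as its sole claims provider."
} else {
    Write-Warning "Unexpected claims providers on '$rpName': $($after -join ', ')"
}
```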