With AD FS integrated as a trusted identity provider, end users can log in to the Workspace ONE portal with their Active Directory credentials. To complete the integration, configure AD FS as an identity provider for VMware Workspace ONE Access, and VMware Workspace ONE Access as a relying party for AD FS.

Integrating AD FS as a federated identity provider for VMware Workspace ONE Access allows you to implement Workspace ONE Login Using AD FS (see Main Use Cases). This use case employs the following authentication flow.

  1. The end user requests access to the Workspace ONE portal.
  2. As the identity component of Workspace ONE, VMware Workspace ONE Access redirects the authentication request to AD FS.
  3. If needed, AD FS prompts the user to log in with Active Directory credentials.
  4. AD FS authenticates the user and issues a security token containing the LDAP email address attribute of the user.
  5. VMware Workspace ONE Access accepts the SAML-formatted token from AD FS as the trusted identity provider.
  6. VMware Workspace ONE Access grants the user access to the Workspace ONE portal.
Figure 1. AD FS Identity Provider Flow
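
Steps 4 through 6 depend on what the relying party checks before it trusts the token. The following sketch is an added example, not VMware or Microsoft code, and shows the checks a relying party applies to a SAML assertion after its signature has been verified: issuer, audience, validity window, and the email identifier. The issuer and audience URLs, the use of an email-format NameID to carry the address, and the sample assertion are constructed assumptions.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
# Constructed values for illustration (assumptions, not from the product docs).
TRUSTED_ISSUER = "http://adfs.example.test/adfs/services/trust"
EXPECTED_AUDIENCE = "https://access.example.test/sp"

# Constructed sample assertion; a real one is signed by AD FS.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_a1" Version="2.0" IssueInstant="2024-01-01T12:00:00Z">
  <saml:Issuer>http://adfs.example.test/adfs/services/trust</saml:Issuer>
  <saml:Subject>
    <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">alice@example.test</saml:NameID>
  </saml:Subject>
  <saml:Conditions NotBefore="2024-01-01T12:00:00Z" NotOnOrAfter="2024-01-01T13:00:00Z">
    <saml:AudienceRestriction>
      <saml:Audience>https://access.example.test/sp</saml:Audience>
    </saml:AudienceRestriction>
  </saml:Conditions>
</saml:Assertion>"""

def _ts(value):
    """Parse a SAML UTC timestamp; a missing attribute is treated as a failure."""
    if value is None:
        raise ValueError("missing validity timestamp")
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def accept_assertion(xml_text, now):
    """Return the user's email if every check passes, else raise ValueError.

    Signature verification against the AD FS token-signing certificate must
    happen first, in a vetted SAML library; it is out of scope here.
    """
    root = ET.fromstring(xml_text)
    if root.findtext("saml:Issuer", namespaces=NS) != TRUSTED_ISSUER:
        raise ValueError("issuer is not the trusted AD FS instance")
    cond = root.find("saml:Conditions", NS)
    if cond is None:
        raise ValueError("missing Conditions")
    if not _ts(cond.get("NotBefore")) <= now < _ts(cond.get("NotOnOrAfter")):
        raise ValueError("outside validity window")
    audiences = [a.text for a in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]
    if EXPECTED_AUDIENCE not in audiences:
        raise ValueError("audience mismatch")
    name_id = root.find("saml:Subject/saml:NameID", NS)
    if name_id is None or name_id.get("Format") != EMAIL_FORMAT or not name_id.text:
        raise ValueError("no email NameID in token")
    return name_id.text.strip()
```

A production relying party would also reject replayed assertion IDs and parse untrusted XML with a hardened parser.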