To add VMware Workspace ONE Access to the AD FS federation, you configure VMware Workspace ONE Access as a relying party (or service provider) for AD FS.
Procedure
- On the AD FS server, run the AD FS Management console as an administrator.
- (AD FS 3.0) In the left pane, expand the Trust Relationships folder.
- In the left pane, click Relying Party Trusts to highlight it. Then right-click Relying Party Trusts and select Add Relying Party Trust from the menu.
The Add Relying Party Trust Wizard appears.
- Start the Add Relying Party Trust Wizard.
  - (AD FS 4.0) Select Claims aware, and then click Start.
  - (AD FS 3.0) Click Start.
- On the Select Data Source page, select Import data about the relying party published online or on a local network. In the text box, paste the URL of the VMware Workspace ONE Access service provider metadata file that you obtained earlier. Then click Next.
The URL resembles https://{VIDMtenant}/SAAS/API/1.0/GET/metadata/sp.xml, where {VIDMtenant} is replaced with the fully qualified domain name (FQDN) of the VMware Workspace ONE Access service.
- On the Specify Display Name page, in the Display name text box, enter a name for the VMware Workspace ONE Access service. In the Notes text box, enter a description of this relying party trust. Then click Next.
In AD FS 3.0, the Multi-factor Authentication page appears. The Workspace ONE integration does not require multi-factor authentication. Click Next.
- Configure the appropriate setting to allow all users access to Workspace ONE after VMware Workspace ONE Access receives the valid claims.
  - (AD FS 4.0) On the Choose Access Control Policy page, select Permit everyone. Then click Next.
  - (AD FS 3.0) On the Choose Issuance Authorization Rules page, select Permit all users to access this relying party. Then click Next.
- On the Ready to Add Trust page, review your changes and then click Next.
- On the Finish page, select the option to edit the claim rules or issuance policy after you close the wizard.
  - (AD FS 4.0) Select the Configure claims issuance policy for this application check box and then click Close.
  - (AD FS 3.0) Select the Open the Edit Claim Rules dialog for this relying party trust when the wizard closes check box and then click Close.
The Edit Claim Issuance Policy window (AD FS 4.0) or Edit Claim Rules window (AD FS 3.0) appears.
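The wizard steps above for AD FS 4.0 can also be scripted with the AD FS PowerShell module and the resulting trust reviewed before claim rules are added; this is an added example, not part of the original VMware procedure. The tenant FQDN, display name and notes text are placeholders, and the host comparison at the end is an assumed review check, not a documented requirement.

```powershell
# Added example: scripted equivalent of the wizard on AD FS 4.0, run in an
# elevated PowerShell session on the AD FS server.
# Placeholders (assumptions): tenant FQDN, display name, notes.
$TenantFqdn  = 'tenant.example.com'     # stands in for {VIDMtenant}
$DisplayName = 'Workspace ONE Access'
$Notes       = 'Relying party trust for VMware Workspace ONE Access'
$MetadataUrl = "https://$TenantFqdn/SAAS/API/1.0/GET/metadata/sp.xml"

Import-Module ADFS

# The trust's endpoints and certificates come from this document,
# so refuse to import it over anything other than HTTPS.
if (([uri]$MetadataUrl).Scheme -ne 'https') {
    throw "Metadata URL must use https: $MetadataUrl"
}

# Do not silently shadow an existing trust with the same display name.
if (Get-AdfsRelyingPartyTrust -Name $DisplayName) {
    throw "A relying party trust named '$DisplayName' already exists."
}

# Same choices as the wizard: import published metadata, Permit everyone.
Add-AdfsRelyingPartyTrust -Name $DisplayName `
    -MetadataUrl $MetadataUrl `
    -Notes $Notes `
    -AccessControlPolicyName 'Permit everyone'

# Review what was actually imported before configuring claim rules.
$rp = Get-AdfsRelyingPartyTrust -Name $DisplayName
$rp | Format-List Name, Identifier, Enabled, MetadataUrl,
                  MonitoringEnabled, AutoUpdateEnabled, AccessControlPolicyName

# Every SAML endpoint should be HTTPS. Endpoints on a host other than the
# tenant FQDN are flagged for manual review (assumed check).
foreach ($ep in $rp.SamlEndpoints) {
    $loc = [uri]$ep.Location
    if ($loc.Scheme -ne 'https') {
        Write-Warning "Non-HTTPS endpoint: $($ep.Location)"
    }
    if ($loc.Host -ne $TenantFqdn) {
        Write-Warning "Endpoint on unexpected host, review: $($ep.Location)"
    }
}
```

The script does not open the claim rules editor; the claims issuance policy for the new trust is still configured as the next task.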