With AD FS integrated as a trusted identity provider, end users can log in to the Hub portal with their Active Directory credentials. To complete the integration, configure AD FS as an identity provider for VMware Workspace ONE Access, and VMware Workspace ONE Access as a relying party for AD FS.

Integrating AD FS as a federated identity provider for VMware Workspace ONE Access allows you to implement Workspace ONE Intelligent Hub Login Using AD FS (see Main Use Cases). This use case employs the following authentication flow.

  1. The end user requests access to the Hub portal.
  2. As the identity component of the Workspace ONE platform, VMware Workspace ONE Access redirects the authentication request to AD FS.
  3. If needed, AD FS prompts the user to log in with Active Directory credentials.
  4. AD FS authenticates the user and issues a security token containing the LDAP email address attribute of the user.
  5. VMware Workspace ONE Access accepts the SAML-formatted token from AD FS as the trusted identity provider.
  6. VMware Workspace ONE Access grants the user access to the Hub portal.

Figure 1. AD FS Identity Provider Flow
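
As an added illustration of steps 4 and 5 (not VMware or Microsoft code), the following sketch shows the claims-level checks a relying party applies to an assertion after its XML signature has already been verified: trusted issuer, validity window, audience, and presence of the email claim. The hostnames, the user, the sample assertion, and the choice to carry the email as an attribute with the AD FS E-Mail Address claim type are assumptions made for the example.

```python
import xml.etree.ElementTree as ET
from datetime import datetime

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
EMAIL_CLAIM = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"

# Constructed sample assertion; hostnames and user are placeholders, signature omitted.
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_a1" Version="2.0">
  <saml:Issuer>http://adfs.example.com/adfs/services/trust</saml:Issuer>
  <saml:Conditions NotBefore="2024-01-01T12:00:00Z" NotOnOrAfter="2024-01-01T13:00:00Z">
    <saml:AudienceRestriction><saml:Audience>https://access.example.com/sp</saml:Audience></saml:AudienceRestriction>
  </saml:Conditions>
  <saml:AttributeStatement>
    <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress">
      <saml:AttributeValue>jdoe@example.com</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

def _ts(value):
    # SAML timestamps are UTC with a trailing "Z", optionally with fractional seconds.
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def check_assertion(xml_text, trusted_issuer, audience, now):
    """Return (email, None) when accepted, otherwise (None, reason)."""
    # Assumes signature verification already succeeded; use a hardened XML parser in production.
    a = ET.fromstring(xml_text)
    if a.findtext("saml:Issuer", default="", namespaces=NS).strip() != trusted_issuer:
        return None, "untrusted issuer"
    cond = a.find("saml:Conditions", NS)
    if cond is None:
        return None, "missing conditions"
    nb, na = cond.get("NotBefore"), cond.get("NotOnOrAfter")
    if not nb or not na or not (_ts(nb) <= now < _ts(na)):
        return None, "outside validity window"
    audiences = [e.text.strip() for e in
                 cond.iterfind("saml:AudienceRestriction/saml:Audience", NS) if e.text]
    if audience not in audiences:
        return None, "audience mismatch"
    for attr in a.iterfind("saml:AttributeStatement/saml:Attribute", NS):
        if attr.get("Name") == EMAIL_CLAIM:
            email = attr.findtext("saml:AttributeValue", default="", namespaces=NS).strip()
            if email:
                return email, None
    return None, "no email attribute"
```
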