In the Okta Admin console, add the VMware Workspace ONE application from the Okta catalog, then configure the application.

Procedure

  1. Log into the Okta Admin console.
  2. Select Applications > Applications.
  3. Click Browse App Catalog.
  4. Search for the VMware Workspace ONE application.
  5. Select VMware Workspace ONE under Integrations.

    vmware workspace one app
  6. Click Add.

    The image shows the VMware Workspace ONE app information page, which includes an overview of the app and an Add button.
  7. In the Base URL text box, enter your Workspace ONE Access URL.
    For example: https://example.vmwareidentity.com
    The image displays the General Settings page with the Application label set to VMware Workspace ONE and Base URL set to https://example.vmwareidentity.com.
  8. Click Done.
  9. Click the Provisioning tab and click Configure API Integration.

    Configure API integration button
  10. Select the Enable API Integration check box.

    Select Enable API integration
  11. In the API Token text box, paste the bearer token that you created in Generate OAuth Bearer Token with Postman.
  12. Click Test API Credentials and ensure that you see a successful message before proceeding.

    successful message
  13. Click Save.
  14. Click the Edit button.

    click Edit
  15. Select the Enable check boxes for Create Users, Update User Attributes, and Deactivate Users, then click Save.

    enable create and deactivate
  16. Scroll down and edit the domain attribute.

    edit domain
  17. Edit the domain so that it matches the domain you used when you created the directory in Create a Directory of Type Other in Workspace ONE Access.

    update domain
  18. Click Save.

What to do next

SCIM provisioning set up is complete.

Go to the Assignments tab in the VMware Workspace ONE application and assign the application to users or groups. When you assign the application to a user, the user is created in Workspace ONE Access. When you remove the application for a user, the user is deactivated in Workspace ONE Access.

You can go to the Push groups tab in the VMware Workspace ONE application to push groups to Workspace ONE. When you push a group, the group is created in Workspace ONE Access and the group membership is pushed. Members of the group must already be assigned the VMware Workspace ONE application.

Note: Using the same Okta group for assignments and for group push is not currently supported. To maintain consistent group membership between Okta and Workspace ONE Access, you must create a separate group that is configured to push groups to Workspace ONE Access.