After creating the OAuth 2.0 client in Workspace ONE Access, generate an OAuth bearer token.


Download and install the Postman app. You can download Postman from


  1. Open a new tab in the Postman app.
  2. For the HTTP method, select POST.
  3. For the URL, enter:
    Replace tenanturl with your Workspace ONE Access URL, for example:
  4. Click the Authorization tab and select OAuth 2.0 as the type.

    The image shows the Type drop-down menu with OAuth 2.0 selected.
  5. In the Configure New Token section, enter the required information.
    1. For Token Name, enter a name, such as WorkspaceONE.
    2. For Grant Type, select Client Credentials.
    3. For Access Token URL, enter https://tenantURL/SAAS/auth/oauthtoken, where tenantURL is your Workspace ONE Access tenant URL.
      For example:
      Note: Workspace ONE Access was formerly called VMware Identity Manager. Old tenants have the domain name while new tenants have the domain name
    4. For Client ID, enter the Client ID that you set in Create OAuth 2.0 Client.
    5. For Client Secret, enter the secret that was generated in Create OAuth 2.0 Client.
      Note: If you did not copy the secret while creating the client, you can regenerate it. To regenerate the secret, go to the Settings > OAuth 2.0 Management page in the Workspace ONE Access console, select the client, and click Regenerate Secret on the client page.
    6. For Scope, enter admin.
    For example:
    Displays Configure New Token section with example values
  6. Click Get New Access Token.
    A token is generated and displayed.
  7. To verify that the bearer token was added, click the Headers tab and click hidden headers.
    hidden headers
    The bearer token appears.

    bearer token

  8. If the bearer token was not added, return to the Authorization tab and select your token from the Available Tokens drop-down menu and check again.