You can add applications that use the OpenID Connect authentication protocol to the Workspace ONE Access catalog from the Resources > Web Apps page. To add an OpenID Connect application, you need the application's target URL, redirect URL, client ID, and client secret.


  • Obtain the target URL, redirect URL, client ID, and client secret for the application.
  • Create an access policy if you do not want to use the default access policy. You can create access policies from the Resources > Policies page.
  • Create categories, if required. You can create categories from the Resources > Web Apps page by clicking Categories and typing the category name in the text box.
  • Create user groups, if required. You can create groups from the Accounts > User Groups page.


  1. In the Workspace ONE Access console, select the Resources > Web Apps tab.
  2. Click New.
  3. In the Definition page of the New SaaS Application wizard, enter the required information.
    Option Description
    Name Enter a unique name for the application.
    Description (Optional) Enter a description of the application.

    (Optional) Upload an icon for the application. Icons in PNG, JPG, and ICON file formats, up to 4MB, are supported.

    The icon must be a minimum of 180 x 180 pixels. If the icon is too small, it does not display. In that case, the Workspace ONE icon is displayed.


    (Optional) To add the application to a category, select it from the drop-down menu. Categories must already be created.

    A predefined Recommended category is also available. Select this category if you want the application to appear in the Recommended apps list in the Workspace ONE Intelligent Hub app and portal.

  4. Click Next.
  5. In the Configuration page, enter the required configuration information.
    Option Description
    Authentication Type Select OpenID Connect.
    Target URL The application URL to which users will be sent when they click the app in the Intelligent Hub app or portal.
    Redirect URL The URL to which Workspace ONE Access will send the authorization code.
    Client ID The Client Identifier that the app will include in the authentication requests made to Workspace ONE Access. The Client ID must be unique per tenant.
    Client Secret The secret that the app will use to identify itself in the authentication requests made to Workspace ONE Access.
    Open in VMware Browser Select this option if you want the Intelligent Hub app to open the application in the VMware Browser, which provides a secure alternative to the native Web browser.
  6. Click Next.
  7. In the Access Policies page, select the access policy to manage user access to the application
    The default access policy, default_access_policy_set, is selected by default. For information about creating and managing access policies, see Workspace ONE Access Administration.
  8. On the Summary page, review your selections and click Save, or click Save & Assign to assign the application to users and groups.
    If you do not assign the application to any users and groups at this time, you can do so later by selecting the application in the Resources > Web Apps page and clicking Assign.
  9. If you clicked Save & Assign, assign the application to users and groups.
    1. Add users and groups by typing the name in the search box and selecting from the results
    2. Select the deployment type for each user and group.
      Regardless of whether you select User Activated or Automatic, the application appears in the Apps tab in the Intelligent Hub app and portal. Users can run the application from the Apps tab or mark it as a favorite and run it from the Favorites tab. If you plan to set up an approval flow for the application, select User Activated.
  10. Click Save.
  11. To enable additional scopes, such as Email or Profile, or to edit attributes such as token Time-To-Live (TTL) on the OAuth 2.0 client that was created for the application, follow these steps.
    1. Select the Settings > OAuth 2.0 Management tab.
    2. In the Clients tab, find the client for the application based on the Client ID that you entered in step 5, and click the link.
    3. Make your changes, and click Save.


The application is added to the catalog. To edit the application configuration at any time, select the application in the Resources > Web Apps page and click Edit.