To map Workspace ONE Access users, you copy the SAML signing certificate and the SAML service provider metadata from the Workspace ONE Access console and edit the SAML assertion in the third-party identity provider.

Procedure

  1. In the Workspace ONE Access console Resources > Web Apps page, select Settings > SAML Metadata.
    1. Copy the certificate information that is in the Signing Certificate section.
  2. Make the SAML service provider metadata available to the third-party identity provider instance.
    1. In the SAML Metadata section, click Service Provider (SP) metadata.
    2. Copy and save the displayed information using the method that best suits your organization.
      Use this copied information later when you configure the third-party identity provider.
  3. Determine the user mapping from the third-party identity provider instance to Workspace ONE Access.
    When you configure the third-party identity provider, edit the SAML assertion in the third-party identity provider to map Workspace ONE Access users.
    | NameID Format | User Mapping |
    | --- | --- |
    | urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress | The NameID value in the SAML assertion is mapped to the email address attribute in Workspace ONE Access. |
    | urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified | The NameID value in the SAML assertion is mapped to the username attribute in Workspace ONE Access. |
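
Before enabling the third-party identity provider, you can review an exported test assertion against the NameID mapping in step 3. The following Python script is an added example, not part of the product or its documentation; the function names and the sample assertions are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
PREFIX = "urn:oasis:names:tc:SAML:1.1:nameid-format:"
# NameID Format -> Workspace ONE Access attribute, as listed in step 3.
MAPPING = {PREFIX + "emailAddress": "email address", PREFIX + "unspecified": "username"}

def check_nameid(assertion_xml):
    """Return (mapped_attribute, nameid_value, problems) for one exported assertion.

    Configuration review only: no signature or condition checks are done here.
    """
    root = ET.fromstring(assertion_xml)
    nameid = root.find(".//saml:Subject/saml:NameID", SAML_NS)
    if nameid is None:
        return None, None, ["assertion has no Subject/NameID"]
    fmt = nameid.get("Format", "")
    value = (nameid.text or "").strip()
    attribute = MAPPING.get(fmt)
    problems = []
    if attribute is None:
        problems.append(f"Format {fmt!r} is not in the mapping table")
    if not value:
        problems.append("NameID value is empty")
    elif attribute == "email address" and not re.fullmatch(r"[^@\s]+@[^@\s]+", value):
        problems.append("emailAddress format, but the value is not email-shaped")
    return attribute, value, problems

def sample(fmt, value):
    """Build a minimal, constructed assertion (not real identity provider output)."""
    return (f'<saml:Assertion xmlns:saml="{SAML_NS["saml"]}"><saml:Subject>'
            f'<saml:NameID Format="{fmt}">{value}</saml:NameID>'
            f'</saml:Subject></saml:Assertion>')

if __name__ == "__main__":
    # Constructed cases: two valid mappings, one mismatched value, one unlisted format.
    for fmt, value in [(PREFIX + "emailAddress", "jdoe@example.com"),
                       (PREFIX + "unspecified", "jdoe"),
                       (PREFIX + "emailAddress", "jdoe"),
                       ("urn:oasis:names:tc:SAML:2.0:nameid-format:persistent", "a1b2")]:
        print(check_nameid(sample(fmt, value)))
```

An empty problems list means the NameID in the assertion matches one of the two mappings; the value must still exist as that attribute on a Workspace ONE Access user.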

What to do next

To configure the third-party identity provider instance, use the information you copied for this task.