You copy the SAML signing certificate and the SAML service provider metadata from the Workspace ONE Access console and edit the SAML assertion in the third-party identity provider to map Workspace ONE Access users.

Procedure

  1. In the Workspace ONE Access console Catalog tab, select Web Apps Settings > SAML Metadata.
    1. Copy the certificate information that is in the Signing Certificate section.
  2. Make the SAML SP metadata available to the third-party identity provider instance.
    1. In the SAML Metadataa section, click Service Provider (SP) metadata.
    2. Copy and save the displayed information using the method that best suits your organization.
      Use this copied information later when you configure the third-party identity provider.
  3. Determine the user mapping from the third-party identity provider instance to Workspace ONE Access.
    When you configure the third-party identity provider, edit the SAML assertion in the third-party identity provider to map Workspace ONE Access users.
    NameID Format User Mapping
    urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress The NameID value in the SAML assertion is mapped to the email address attribute in Workspace ONE Access.
    urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified The NameID value in the SAML assertion is mapped to the username attribute in Workspace ONE Access.

What to do next

Apply the information you copied for this task to configure the third-party identity provider instance.