Security Assertion Markup Language (SAML) 2.0 authentication offers single sign-on support and federated authentication. Workspace ONE™ UEM never receives any corporate credentials. If your organization has a SAML identity provider server, use SAML 2.0 integration.

Benefits:
- Offers single sign-on capabilities.
- Authenticates with existing corporate credentials.
- Workspace ONE UEM never receives corporate credentials in plain text.
- Can be used for Workspace ONE Direct Enrollment when paired with a SAML Directory User.

Limitations and requirements:
- Requires corporate SAML Identity Provider infrastructure.
- Cannot be used for Workspace ONE Direct Enrollment when paired with a SAML Basic User.

The authentication flow during enrollment:
1. The device connects to Workspace ONE UEM for enrollment. The UEM server then redirects the device to the client-specified identity provider.
2. The device securely connects through HTTPS to the client-provided identity provider, and the user enters credentials.
3. Credentials are encrypted during transport directly between the device and the SAML endpoint.
4. Credentials are validated against directory services.
5. The identity provider returns a signed SAML response with the authenticated user name.
6. The device responds to the Workspace ONE UEM server and presents the signed SAML message. The user is authenticated.

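
As an added example (not VMware's code, and not a description of how Workspace ONE UEM is implemented), the following Python shows structural checks that a SAML service provider commonly applies to the signed response from the last two steps before it trusts the user name. The entity IDs, URLs, request ID and sample response are constructed assumptions, and the signature's cryptographic verification is deliberately left to a dedicated library.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"p": "urn:oasis:names:tc:SAML:2.0:protocol",
      "a": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"

def ts(value):  # SAML instants are UTC, e.g. 2024-01-01T12:00:00Z
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def check_response(xml_text, idp, sp, acs_url, request_id, now):
    """Return (user, problems). The signature's cryptography is NOT verified here;
    that needs a vetted XML-DSig library and the IdP's certificate."""
    root = ET.fromstring(xml_text)
    found = root.findall(".//a:Assertion", NS)
    if len(found) != 1 or found[0] not in list(root):
        return None, ["expected exactly one top-level Assertion"]
    a = found[0]
    status = root.find("p:Status/p:StatusCode", NS)
    ref = a.find("ds:Signature/ds:SignedInfo/ds:Reference", NS)
    cond = a.find("a:Conditions", NS)
    try:
        fresh = ts(cond.get("NotBefore")) <= now < ts(cond.get("NotOnOrAfter"))
        audiences = [e.text for e in cond.iterfind(".//a:Audience", NS)]
    except (AttributeError, TypeError, ValueError):  # missing or malformed Conditions
        fresh, audiences = False, []
    checks = [
        (status is not None and status.get("Value") == SUCCESS, "status is not Success"),
        (root.get("Destination") == acs_url, "Destination is not this ACS URL"),
        (root.get("InResponseTo") == request_id, "InResponseTo does not match our request"),
        (a.findtext("a:Issuer", "", NS) == idp, "unexpected Issuer"),
        (ref is not None and ref.get("URI") == "#" + a.get("ID", ""), "Reference does not cover this Assertion"),
        (fresh, "outside NotBefore/NotOnOrAfter window"),
        (sp in audiences, "Audience is not this service provider"),
    ]
    problems = [msg for ok, msg in checks if not ok]
    return (a.findtext("a:Subject/a:NameID", None, NS) if not problems else None), problems

# Constructed sample response; digest and signature values are omitted.
SAMPLE = """<p:Response xmlns:p="urn:oasis:names:tc:SAML:2.0:protocol"
 xmlns:a="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
 Destination="https://uem.example.test/acs" InResponseTo="_req1">
 <p:Status><p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></p:Status>
 <a:Assertion ID="_a1"><a:Issuer>https://idp.example.test</a:Issuer>
  <ds:Signature><ds:SignedInfo><ds:Reference URI="#_a1"/></ds:SignedInfo></ds:Signature>
  <a:Subject><a:NameID>jdoe</a:NameID></a:Subject>
  <a:Conditions NotBefore="2024-01-01T12:00:00Z" NotOnOrAfter="2024-01-01T12:05:00Z"><a:AudienceRestriction>
   <a:Audience>https://uem.example.test/sp</a:Audience></a:AudienceRestriction></a:Conditions></a:Assertion></p:Response>"""
```

When handling real responses, parse the untrusted XML with a hardened parser such as defusedxml, and read the user name only from the element whose signature was actually verified.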
For more information, see Workspace ONE Direct Enrollment.