The Workspace ONE UEM console and the VMware Identity Manager console use an authorization code work flow that allows access to both consoles with single sign-on (SSO). This feature aims to allow access to the VMware Identity Manager console for admins in the UEM console to work on SaaS application configurations.

This flow is specific to SaaS applications and access policies in Workspace ONE UEM. Additions and edits made in Workspace ONE UEM are reflected in Identity Manager.

Register the OAuth Client During Setup

When you set up VMware Identity Manager in the UEM console, you register the OAuth client as part of the setup wizard. The OAuth client registration is a prerequisite for this SSO feature to work.


VMware Identity Manager and Workspace ONE UEM work in the back-end to authenticate the Workspace ONE UEM admin to VMware Identity Manager. The VMware Identity Manager Console passes an ID token to Workspace ONE UEM. This token contains information about the admin and the authentication so that the admin can access both consoles. The two consoles follow the depicted process.