In the Okta Admin console, add the VMware Workspace ONE application from the Okta catalog, then configure the application.

Procedure

  1. Log into the Okta Admin console.
  2. Click Applications > Applications.
  3. Click Add Application.
  4. Search for the VMware Workspace ONE application.
  5. Select VMware Workspace ONE under Integrations.

    vmware workspace one app
  6. Click Add.

    Add the app
  7. In the Base URL text box, enter your Workspace ONE Access URL.
    For example: https://example.vmwareidentity.com
    Base URL field
  8. Click Done.
  9. Click the Provisioning tab and click Configure API Integration.

    Configure API integration button
  10. Select the Enable API Integration check box.

    Select Enable API integration
  11. In the API Token text box, paste the bearer token that you created in Generate OAuth Bearer Token with Postman.

    enter bearer token
  12. Click Test API Credentials and ensure that you see a successful message before proceeding.

    successful message
  13. Click Save.
  14. Click the Edit button.

    click Edit
  15. Select the Enable check boxes for Create Users, Update User Attributes, and Deactivate Users, then click Save.

    enable create and deactivate
  16. Scroll down and edit the domain attribute.

    edit domain
  17. Edit the domain so that it matches the domain you used when you created the directory in Create a Directory of Type Other in Workspace ONE Access.

    update domain
  18. Click Save.

What to do next

SCIM provisioning set up is complete.

Go to the Assignments tab in the VMware Workspace ONE application and assign the application to users or groups. When you assign the application to a user, the user is created in Workspace ONE Access. When you remove the application for a user, the user is disabled in Workspace ONE Access.

You can go to the Push groups tab in the VMware Workspace ONE application to push groups to Workspace ONE. When you push a group, the group is created in Workspace ONE Access and the group membership is pushed. Members of the group must already be assigned the Workspace ONE Access application.

Note:

Using the same Okta group for assignments and for group push is not currently supported. To maintain consistent group membership between Okta and Workspace ONE Access, you need to create a separate group that is configured to push groups to Workspace ONE Access.