
VMware Workspace ONE and VeridiumID SAML integration


This article provides a step-by-step procedure for configuring SAML authentication, provided by the VeridiumID server, in VMware Workspace ONE.

This article assumes you already have:

  • a directory (Active Directory or LDAP) configured in the VMware Workspace ONE interface

  • at least one user imported from the directory

  • the appropriate rights for the imported user to be able to log in.

Configuring SAML authentication in VMware Workspace ONE consists of two main steps:

  1. Define VeridiumID Shibboleth as an IdP in the VMware Workspace ONE admin interface. To do this:

  • Go to Integrations > Identity Providers, then click Add and select SAML IDP:

    image-20240315-150031.png

  • In the next window, set a name for the IdP, choose HTTP-POST as the binding protocol, and enter the IdP metadata extracted from the VeridiumID dashboard:

    image-20240315-150159.png

    Note: Make sure the HTTP-POST section under SingleSignOnService is the first one in the list, as shown below. Otherwise you will get a Stale request error when accessing the service provider:

    image-20240315-151109.png

    After editing the metadata, click on PROCESS IDP METADATA.

  • Scroll down and, in the Identify User Using section, select NameID Element. Then, under Name ID format mapping from SAML Response, set the NameID Format to urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress, the Name ID Value to emails, and the Name ID Policy in SAML Request to urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress:

    image-20240315-151237.png

  • Scroll further down and select the users and network ranges to which this IdP will apply. Then, under Authentication Methods, type a relevant name for the method (e.g. Veridium) and select urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport:

    image-20240315-152001.png

  • Continue scrolling and, in the SAML METADATA section, click on Service Provider (SP) metadata to extract the service provider metadata needed for the VeridiumID SAML application configuration. Click SAVE to apply the configuration.

    image-20240315-152403.png

  2. Define a SAML application for VMware Workspace ONE in the VeridiumID dashboard:

  • Click on Applications, then click on Add SAML app:

    image-20240315-152906.png

  • Type in a name and a friendly name for the application, then load the metadata exported from the VMware Workspace ONE admin interface:

    image-20240315-153102.png

  • Set the Name ID attribute to mail, NameID format to Email and toggle on Hide SSO Redirect:

    image-20240315-153224.png

  • Click Save to finish the configuration, then try accessing the VMware Workspace ONE interface. You should be redirected to the Shibboleth page, where you can perform the authentication.
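
The note in step 1 requires the HTTP-POST SingleSignOnService entry to be listed first in the IdP metadata. The following Python script is an added example, not part of the original procedure or of VeridiumID or VMware tooling: it reorders the entries before the metadata is pasted into Workspace ONE and reports whether the document carried a signature that the edit would invalidate. The sample metadata, the host idp.example.test and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
DS = "http://www.w3.org/2000/09/xmldsig#"
POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
SSO = f"{{{MD}}}SingleSignOnService"
ET.register_namespace("md", MD)
ET.register_namespace("ds", DS)

# Constructed sample (hypothetical host): HTTP-Redirect is listed before HTTP-POST.
SAMPLE = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="https://idp.example.test/idp/shibboleth">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://idp.example.test/idp/profile/SAML2/Redirect/SSO"/>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://idp.example.test/idp/profile/SAML2/POST/SSO"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""


def sso_bindings(xml_text):
    """Return the SingleSignOnService bindings in document order."""
    return [e.get("Binding") for e in ET.fromstring(xml_text).iter(SSO)]


def post_first(xml_text):
    """Move HTTP-POST SingleSignOnService entries ahead of the other bindings.

    Returns (new_xml, was_signed). Reordering elements invalidates an enveloped
    XML signature, so a caller should check was_signed before using the result.
    Only parse metadata downloaded from your own VeridiumID dashboard.
    """
    root = ET.fromstring(xml_text)
    was_signed = root.find(f".//{{{DS}}}Signature") is not None
    for desc in root.iter(f"{{{MD}}}IDPSSODescriptor"):
        children = list(desc)
        slots = [i for i, c in enumerate(children) if c.tag == SSO]
        if not slots:
            continue
        entries = [children[i] for i in slots]
        if not any(e.get("Binding") == POST for e in entries):
            raise ValueError("metadata has no HTTP-POST SingleSignOnService")
        # Stable sort: POST entries first, the rest keep their relative order.
        entries.sort(key=lambda e: e.get("Binding") != POST)
        # Write back into the same positions so sibling order is otherwise unchanged.
        for i, e in zip(slots, entries):
            children[i] = e
        desc[:] = children
    return ET.tostring(root, encoding="unicode"), was_signed


if __name__ == "__main__":
    fixed, signed = post_first(SAMPLE)
    print(sso_bindings(fixed), "signed:", signed)
```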
