
Modern Workplace and Management with the efficiency of pure Cloud – Part 5 (SAML authentication Workspace ONE)

SAML authentication from Workspace ONE Access to Workspace ONE UEM

You can provide users with the Workspace ONE UEM (AirWatch) Self-Service Portal (SSP) as an application in the catalog of the Workspace ONE Access user portal. Users can then click the application and authenticate directly to the Workspace ONE UEM SSP via SAML.

So, we configure the AirWatch application in the Workspace ONE Access catalog under Web Apps.

  • Log into the Workspace ONE Access admin console
  • Catalog
  • Web Apps
  • Click settings
  • Click SAML Metadata
  • Right click on Identity Provider (IdP) metadata
  • Save Link as
  • The file idp.xml will be downloaded
  • Log into the Workspace ONE UEM console
  • Groups & Settings
  • All settings
  • Enterprise Integration
  • Directory Services
  • Server tab
  • Directory Type: None
  • Scroll down to Advanced
  • Enable Use SAML For Authentication
  • Enable Use New SAML Authentication Endpoint
  • Now a new field will be available
  • Click Upload in the Section SAML 2.0 – Import Identity Provider Settings
  • Upload your previously downloaded idp.xml file from Workspace ONE Access
  • In Enable SAML Authentication for check the boxes for enrollment and Self Service Portal
  • Scroll down and click Save
    • The necessary fields will be filled in automatically from the XML file; afterwards, check the entries

Now you should see something like this:

Make sure that Request Binding Type in the Request section and Response Binding Type in the Response section are both set to POST. Authentication Response Security should be Validate Response Signatures. The Allowed Clock Skew (default 0) can be adjusted to a chosen time in minutes; this is the time difference between the Identity Provider and Service Provider clocks that is still considered in sync for authentication to proceed.

Configure AirWatch application (Self Service Portal – SSP) in Workspace ONE Access

Now we configure the AirWatch application (Self-Service Portal) in the Workspace ONE Access catalog so that users can log in from their user portal via SAML.

  • Log into Workspace ONE Access admin console
  • Catalog
  • Web Apps
  • New
  • Search for AirWatch
  • Next
  • Click Configuration tab from the left side
  • Scroll down to Application Parameters and enter the following
    • Device Server URL:
    • GroupID
    • Audience (default is AirWatch)
  • Enable Show in User Portal
  • Next
  • Next
  • Save

Now we will assign the newly created application to users or groups.

  • Click Catalog
  • Choose the AirWatch application
  • Assign
  • In the search box, type the user name or group you want to assign it to
  • For Deployment Type, choose Automatic
    • The application will automatically be available to the user