Eric Monjoin
Staff Consulting Architect but also pilot, spending time in front of my computer or flying in the air...

Azure AD as IdP for Workspace One Access

Select “Click here to switch to switch to the old app gallery experience

Select “Non-gallery application

Type a name for this application (Tenant name for exemple) and click “Add” (bottom-left)

Select “1. Assign users and groups” and click “Add user”

Add all required users and click “Assign”

Click “2. Set up single sign on” or “Single sign-on” on the left pane.

Select “SAML

Click “Edit

Fill the Identifier (Entity ID) and Reply URL (Assertion Consumer Service URL) with your Workspace ONE Access tenant information and click “Save

As said by default the following attributes are used :

But in my case I had to use the Alternate email so I only change it for :

Now we need to save the Federation metadata so we can import it it in Workspace ONE Access, so one the block number “3”, click “Download” in front of “Federation Metadata XML

Nothing more to do on the Azure side, now let’s configure Workspace ONE Access…

Login as admin and select “Identity & Access Management” then “Identity Providers

Click “Add Identity Provider” (upper right)

Fill the required informations :
Identity Provider Name : Something to identify this IdP eg. Azure AD
SAML Metadata : copy and past the content of “Federation Metadata XML” and click “Process IdP Metadata
Name ID Format:
urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified = userName
urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress = userPrincipalName
Name ID Policy in SAML Request : urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
Network: Select appropriate networks
Authentication Methods : Something to identify this IdP eg. Azure AD
SAML Contexts : urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport

Once done you can specify your Azure AD as authentication method in the Policies for this, select “Policies” and “EDIT DEFAULT POLICY”

Select “Configuration” \ “<Network Range>”

Finally select “AZURE AD” (or whatever you call it) and Save

Pages: 1 2

You may also like...

Leave a Reply

Your email address will not be published. Required fields are marked *