INTEGRATING OKTA: VMWARE WORKSPACE ONE OPERATIONAL TUTORIAL VMware Workspace ONE


GUIDE AUGUST 2018 PRINTED 4 MARCH 2019 INTEGRATING OKTA: VMWARE WORKSPACE ONE OPERATIONAL TUTORIAL VMware Workspace ONE

Table of Contents

Overview
  Introduction
  Purpose
  Audience
Integrating Okta with VMware Workspace ONE
  Introduction
  Prerequisites
  Configuring Workspace ONE as a Third-Party Identity Provider in Okta
  Creating Routing Rules in Okta
  Adding Applications Federated with Okta to the Workspace ONE Application Catalog
  Configuring Okta as a Third-Party Identity Provider in Workspace ONE
Summary and Additional Resources
  Conclusion
  Additional Resources
  About the Author
  Feedback

Integrating Okta: VMware Workspace ONE Operational Tutorial

Overview

Introduction

VMware provides this operational tutorial to help you with your VMware Workspace ONE environment. Workspace ONE simplifies access to cloud, mobile, and enterprise applications from supported devices. As an IT professional, you can use Workspace ONE to deploy, manage, and secure applications. At the same time, you can offer a flexible, bring-your-own-device (BYOD) initiative to your end users from a central location.

Purpose

This operational tutorial provides you with discussions and exercises to help with your existing VMware Workspace ONE production environment. VMware provides operational tutorials to help you with:

- Common procedures or best practices
- Complex manual procedures
- Troubleshooting

Note: Before you begin any operational tutorial, you must first deploy a production environment. For information about deployment, see the VMware Workspace ONE Documentation.

Audience

This operational tutorial is intended for IT professionals and Workspace ONE administrators of existing production environments. Both current and new administrators can benefit from using this tutorial. Familiarity with networking and storage in a virtual environment is assumed, including Active Directory, identity management, and directory services. Knowledge of additional technologies such as VMware Identity Manager and VMware Workspace ONE UEM (unified endpoint management), powered by VMware AirWatch, is also helpful.

Integrating Okta with VMware Workspace ONE

Introduction

This tutorial helps you to integrate VMware Workspace ONE with Okta. Procedures include:

- Configuring Workspace ONE as a Third-Party Identity Provider in Okta
- Creating Routing Rules in Okta
- Adding Applications Federated with Okta into the Workspace ONE App Catalog
- Configuring Okta as a Third-Party Identity Provider in Workspace ONE

The steps are sequential and build upon one another, so make sure that you complete each step before going to the next step.

Prerequisites

Before you can perform the procedures in this tutorial, you must satisfy the following requirements. For more information, see the VMware Identity Manager Documentation and VMware Workspace ONE UEM Documentation.

Check whether you have the following components installed and configured:

- Admin access to VMware Identity Manager tenant and Okta tenant
- Test application federated with Okta (to follow the steps in this exercise, use Salesforce and Office365)
- VMware Identity Manager tenant and Okta tenant connected to the same Active Directory domain
- Optional: Mobile device to test redirection to Workspace ONE

Configuring Workspace ONE as a Third-Party Identity Provider in Okta

This exercise helps you test access to a SaaS application (Salesforce) that is federated with Okta while using Workspace ONE as a third-party identity provider. The process of federating Salesforce with Okta is outside the scope of this exercise.

1. Retrieve SAML Metadata from Workspace ONE Admin Console

First, you must retrieve the appropriate SAML metadata file from the Workspace ONE tenant.

1.1. Navigate to Workspace ONE Tenant URL

Navigate to your Workspace ONE tenant and log in.

1.2. Navigate to Catalog Settings

1. Click Catalog.
2. Click Web Apps.
3. Click Settings.

1.3. Open SAML IDP Metadata

1. Click SAML Metadata.
2. Click Identity Provider (IdP) Metadata to open the metadata file in a new browser tab. You will reference this in a later step.

1.4. Download Signing Certificate

1. Scroll down.
2. Click Download to download the Signing Certificate file.

1.5. Save Signing Certificate

Click Save to save the certificate file locally on your computer.

2. Add Identity Provider in Okta

Next, add Workspace ONE as a trusted identity provider in Okta. Log in to your Okta admin console.

2.1. Add Identity Provider

1. Click Security.
2. Click Identity Providers.
3. Click Add Identity Provider.

2.2. Identity Provider Configuration

1. Enter the IdP Username, for example, Workspace ONE.
2. Select idpuser.subjectNameId from the IdP Username drop-down menu.
3. Select Okta Username from the Match Against drop-down menu.

2.3. Active Directory User Profile in Okta

Note that users in this Okta tenant use their Active Directory userPrincipalName as the Okta Username. This is the value you need to send from Workspace ONE in the SAML assertion.

2.4. Copy IdP Information from Metadata

1. Copy the entityID URL from the SAML metadata file into the IdP Issuer URI box (for example, https://tenant.vmwareidentity.com/saas/api/1.0/get/metadata/idp.xml).
2. Copy the SingleSignOnService URL for HTTP-Redirect into the IdP Single Sign-On URL box (for example, https://tenant.vmwareidentity.com/saas/auth/federation/sso).
3. Click Browse File to upload the IdP Signature Certificate.

2.5. Upload Signing Certificate

1. Select the signingcertificate file downloaded from the Workspace ONE tenant.
2. Select Open.

2.6. Finish Adding Identity Provider

Click Add Identity Provider.

3. Download and Copy Okta SAML Metadata

The next steps help you download and copy the Okta SAML metadata for the newly created identity provider in Okta.

3.1. Download Okta SAML Metadata

Click Download Metadata.

3.2. Save Okta Metadata Locally

Save the metadata file locally on your computer. Click Save.

3.3. Copy Contents of Okta Metadata File

Open the metadata file in a text editor and copy the contents of the file to your clipboard.

4. Configure Okta as an Application Source in Workspace ONE

Next, configure Okta as an Application Source in Workspace ONE.

Return to your Workspace ONE admin console.

1. Click Application Sources.
2. Click OKTA.

5. Configure Application Source Definition

Click Next.

5.1. Paste Okta Metadata into Application Source Configuration

1. Paste the contents of the metadata file into the URL/XML text box.
2. Click Next.

5.2. Configure Application Source Access Policy

1. Select an authentication policy from the drop-down menu.
2. Click Next.

5.3. Save Application Source

Click SAVE.

5.4. Navigate Back to Application Source

Click Okta to navigate back into the Application Source configuration.

5.5. Change Username Value to userPrincipalName

1. Click Configuration.
2. Change the Username Value field to ${user.userPrincipalName}. This sends the user's userPrincipalName as the NameID value, which matches the user's Okta username.
3. Click Summary.

5.6. Save Application Source

Click Save.

The federation trust between Okta and Workspace ONE has been successfully created. Before you can test authentication to Okta using Workspace ONE, you must create the appropriate routing rules in Okta to route authentication requests coming into Okta to Workspace ONE.

Creating Routing Rules in Okta

This exercise helps you to create routing rules in Okta to redirect authentication traffic to Workspace ONE. For more information, see Identity Provider Discovery in the Okta Product Documentation.

Note: Identity Provider Discovery is an early access feature and might require you to contact Okta Support to enable it in your tenant.

1. Add Routing Rule in Okta

Navigate back to the Identity Providers page in your Okta Admin console.

1. Click Routing Rules.
2. Click Add Routing Rule.

Note that a default rule is already added in the tenant to authenticate all traffic with Okta. This serves as a catch-all rule for all traffic that does not meet the criteria specified within the new routing rule being created.

2. Configure Workspace ONE Routing Rule

For this setup, you create a rule to route only mobile traffic (iOS or Android) for your test application. Anything else is authenticated with Okta.

1. Enter a friendly name for the Rule Name, for example, Workspace ONE.
2. Select Any of these devices.

3. Select iOS.
4. Select Android.

3. Finish Routing Rule Configuration

1. Scroll down.
2. Select Any of the following applications.
3. Search for and select your test application in the search bar.
4. Select Workspace ONE (previously configured IDP connection) from the Use the identity Provider drop-down menu.
5. Click Create Rule.

4. Activate Rule

Click Activate to activate the newly created Routing Rule.

5. Log In to Test Application

You can now test logging into your test application using one of the mobile device platforms (iOS or Android) selected in the routing rule. Click Okta.

6. Authenticate with Workspace ONE

Even though you selected Okta as the federation provider for the test application, you are automatically redirected to Workspace ONE for authentication. Click Sign in.

7. Confirm Successful Login

After you successfully authenticate with Workspace ONE, you are granted access to your test application. The following steps occur seamlessly without impacting the end-user login experience:

1. After successful authentication, Workspace ONE issues a SAML assertion for Okta with the authenticated user's Name ID.
2. Okta validates the SAML assertion issued by Workspace ONE and checks if the authenticated user is authorized to access the target application. If authorized, Okta issues a second SAML assertion for the target application with the corresponding Name ID.
3. The client device passes the SAML assertion from Okta to the target application to gain access.

Adding Applications Federated with Okta to the Workspace ONE Application Catalog

This exercise helps you to add applications that are federated with Okta into the Workspace ONE catalog for seamless access. This enables the end user to authenticate directly into the Workspace ONE app catalog and perform an IdP-initiated login to the target application federated with Okta.

1. Retrieve Salesforce Application Identifier

First, you must retrieve the application identifier for your test application in Okta. This allows Workspace ONE to indicate what the target application is when it issues a SAML assertion to Okta.

1.1. Navigate to Test Application Configuration in Okta

Navigate to the Okta admin console.

1. Click the Applications tab.
2. Click Applications.
3. Click your test application.

1.2. Navigate to General Tab

Navigate to the General tab within your test application configuration.

1.3. Copy Application Embed Link

Scroll down to find the Embed Link value for your test application. Copy this value to your clipboard.

2. Add Salesforce to Workspace ONE

Next, add a new SaaS application (Salesforce) to Workspace ONE.

2.1. Navigate to Web Apps

Navigate to the Workspace ONE admin console.

1. Click Catalog.
2. Click Web Apps.
3. Click New to add a new SaaS application.

2.2. Configure SaaS Application Definition

1. Enter a friendly name for your SaaS application, for example, Salesforce OKTA.
2. Click Next.

2.3. Select Okta Application Source as Authentication Type

1. Select Okta Application Source from the Authentication Type drop-down. This application will inherit the SAML configuration that was already done for the Okta application source.
2. Paste the application embed link that was copied from the application configuration in the Okta tenant.
3. Click Next.

2.4. Configure SaaS Application Access Policy

1. Select an access policy for your SaaS application from the Access Policy drop-down.
2. Click Next.

2.5. Save SaaS Application

Click Save & Assign.

3. Assign SaaS Application

1. Search for the test user or group to assign this application.
2. Select Automatic from the Deployment Type drop-down menu.
3. Click Save.

4. Log In to Workspace ONE Catalog

Log in to the Workspace ONE catalog with your test user.

5. Open Test Okta Application

1. Click Catalog.
2. Click Open to launch the test application that was added to the catalog.

6. Confirm Successful Authentication Into Test Application

You should be logged in directly to the test application. Even though the client device is redirected to Okta in the interim, this redirection happens seamlessly without impacting the end-user sign-in experience.

Configuring Okta as a Third-Party Identity Provider in Workspace ONE

This exercise helps you to add Okta as a third-party identity provider within Workspace ONE. This allows end users to authenticate using Okta credentials when accessing the Workspace ONE catalog.

1. Retrieve Workspace ONE SP Metadata

This configuration is the inverse of the configurations in the previous exercises. In the previous configuration, Workspace ONE was acting as an identity provider and Okta as a service provider. In this case, Workspace ONE will be the service provider and Okta the identity provider.

First, you must retrieve the appropriate metadata file from the Workspace ONE admin console. Navigate to the SAML Metadata settings menu. Click Service Provider (SP) metadata to open the SP metadata file in a new browser tab. You will use this metadata in a later step.

2. Add Application in Okta

Return to the Okta admin console to add a new application.

1. Click Applications.
2. Click Applications.
3. Click Add Application.

2.1. Create New Application

You must create a new SAML SP configuration in Okta to accept authentication requests from Workspace ONE. Click Create New App.

2.2. Create SAML 2.0 Application

1. Select Web from the platform drop-down menu.
2. Select SAML 2.0 as the sign-in method.
3. Click Create.

2.3. Configure Application General Settings

1. Enter a friendly name for App name, for example, Workspace ONE.
2. Click Next.

2.4. Copy SP Endpoints from Metadata

Copy the required SP endpoints from the Workspace ONE SP metadata file.

1. Copy the AssertionConsumerService URL for HTTP-POST binding from the SP metadata file and paste it into the Single sign on URL text box.
2. Copy the Entity ID URL from the SP metadata file and paste it into the Audience URI (SP Entity ID) text box.

2.5. Confirm Name ID and Value

Note that for this setup, you will use the default selection for the Name ID Format (Unspecified) and Application Username values. Okta sends the user's userPrincipalName from Active Directory, which will be matched to the user's userPrincipalName in Workspace ONE.

2.6. Navigate to Next Step

Scroll down and click Next.

2.7. Configure as Internal Application

1. Select I'm an Okta customer adding an internal app.
2. Click Finish.

3. Assign Workspace ONE Application

Assign this new application to your test user or group in Okta.

1. Click Assignments.
2. Click Assign. Select a specific user or user group.

3.1. Confirm User or Group Assignment

Confirm the application has been assigned to your test user or group.

4. Download Okta IDP Metadata

Download the IDP metadata file created for this new application in Okta.

1. Click the Sign-On tab.
2. Right-click the Identity Provider Metadata link.
3. Click Save Link As...

4.1. Save Metadata File Locally

1. Enter a unique name for the metadata file.
2. Click Save to save the file locally.

4.2. Copy Contents of Okta Metadata File

Open and copy the contents of the recently downloaded metadata file.

5. Create Third-Party IDP in Workspace ONE

Next, add Okta as a trusted third-party identity provider in Workspace ONE. Navigate to your Workspace ONE admin console.

1. Click Identity & Access Management.
2. Click Identity Providers.
3. Click Add Identity Provider.
4. Click Create Third-Party IDP.

5.1. Process Okta IDP Metadata

1. Enter a friendly name for Identity Provider Name, for example, Okta.
2. Paste the contents of the metadata file downloaded from the Okta tenant.
3. Click Process IdP Metadata.

5.2. Change Name ID Value to userPrincipalName

Select userPrincipalName from the Name ID Value on the first row. This will match the value being used for the unspecified Name ID format in Okta.

5.3. Assign User Directory, Network Range and Authentication Method to IDP

1. Select your Active Directory as the user source for this third-party identity provider. This should be the same Active Directory used in Okta.
2. Select All Ranges as the Network Range for this identity provider.
3. Create a new authentication method for this identity provider to be used as part of the authentication policies. Enter a friendly name for Authentication Methods, for example, OktaPassword.
4. Select urn:oasis:names:tc:SAML:2.0:ac:classes:Password from the SAML Context drop-down menu.

5.4. Add Third-Party IDP

Click Add to add the new IDP configuration.

6. Edit Default Access Policy Set

Before we can test authentication with the Okta IDP, we will need to modify the default access policy to use the authentication method associated with that IDP.

1. Click Identity & Access Management.
2. Click default_access_policy_set.

7. Edit Default Access Policy Set

Click Edit.

8. Edit Test Device Policy

1. Click Configuration.
2. Click to modify the policy for the device type you are testing with.

9. Add Okta IDP Authentication Method

1. Select the authentication method associated with Okta IDP, for example, OktaPassword, from the authenticate using... drop-down menu.
2. Click Save.

9.1. Confirm Changes to Policy

Click Next.

9.2. Save Default Policy Set

Click Save.
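Before testing, the values copied by hand from the two metadata files earlier in this tutorial (the entityID, HTTP-Redirect SingleSignOnService URL and signing certificate from the Workspace ONE IdP metadata, and the HTTP-POST AssertionConsumerService URL and Entity ID from the SP metadata) can be extracted and cross-checked with a script. The following Python is an added example, not part of the VMware tutorial or of either product; the tenant.example.com URLs, the placeholder certificate bytes and all function names are constructed for illustration.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"


def cert_sha256(pem_or_b64: str) -> str:
    """SHA-256 of the DER bytes of a certificate given as PEM or bare base64."""
    lines = (ln.strip() for ln in pem_or_b64.splitlines())
    body = "".join(ln for ln in lines if ln and not ln.startswith("-----"))
    return hashlib.sha256(base64.b64decode(body)).hexdigest()


def _endpoint(role, tag: str, binding: str) -> str:
    """Location of the first `tag` endpoint with the wanted binding; HTTPS only."""
    for el in role.findall(tag, NS):
        if el.get("Binding") == binding:
            url = el.get("Location", "")
            if urlparse(url).scheme != "https":
                raise ValueError(f"endpoint is not HTTPS: {url!r}")
            return url
    raise ValueError(f"no {tag} endpoint with binding {binding}")


def parse_saml_metadata(xml_text: str) -> dict:
    """Extract the values the tutorial copies by hand from IdP or SP metadata."""
    # Metadata is pasted between tenants; refuse DTDs rather than expand entities.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("metadata must not contain a DTD")
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}EntityDescriptor" % NS["md"]:
        raise ValueError("root element is not md:EntityDescriptor")
    out = {"entity_id": root.attrib["entityID"]}
    idp = root.find("md:IDPSSODescriptor", NS)
    sp = root.find("md:SPSSODescriptor", NS)
    if idp is not None:
        role, out["role"] = idp, "idp"
        out["sso_redirect_url"] = _endpoint(idp, "md:SingleSignOnService", REDIRECT)
    elif sp is not None:
        role, out["role"] = sp, "sp"
        out["acs_post_url"] = _endpoint(sp, "md:AssertionConsumerService", POST)
    else:
        raise ValueError("no IDPSSODescriptor or SPSSODescriptor found")
    # A KeyDescriptor without a use attribute serves both signing and encryption.
    out["signing_cert_sha256"] = []
    for kd in role.findall("md:KeyDescriptor", NS):
        cert = kd.findtext("ds:KeyInfo/ds:X509Data/ds:X509Certificate", "", NS)
        if cert.strip() and kd.get("use", "signing") == "signing":
            out["signing_cert_sha256"].append(cert_sha256(cert))
    return out


def certificate_matches(meta: dict, downloaded_pem: str) -> bool:
    """True if the separately downloaded signing certificate is the one in metadata."""
    return cert_sha256(downloaded_pem) in meta["signing_cert_sha256"]


# Constructed sample input: placeholder bytes stand in for a DER certificate.
SAMPLE_CERT_DER = b"constructed placeholder, not a real certificate"
SAMPLE_CERT_B64 = base64.b64encode(SAMPLE_CERT_DER).decode()
SAMPLE_DOWNLOADED_PEM = ("-----BEGIN CERTIFICATE-----\n" + SAMPLE_CERT_B64 +
                         "\n-----END CERTIFICATE-----\n")
SAMPLE_IDP_METADATA = f"""<md:EntityDescriptor
    xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    entityID="https://tenant.example.com/saas/api/1.0/get/metadata/idp.xml">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>{SAMPLE_CERT_B64}</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:SingleSignOnService Binding="{POST}"
        Location="https://tenant.example.com/saas/auth/federation/sso/post"/>
    <md:SingleSignOnService Binding="{REDIRECT}"
        Location="https://tenant.example.com/saas/auth/federation/sso"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

if __name__ == "__main__":
    meta = parse_saml_metadata(SAMPLE_IDP_METADATA)
    print(meta)
    print("certificate matches:", certificate_matches(meta, SAMPLE_DOWNLOADED_PEM))
```

Comparing the fingerprint of the downloaded signing certificate with the one in the metadata confirms that the file uploaded to the other tenant is the key the issuing tenant publishes.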

10. Test Authentication into Workspace ONE Catalog

Now, test authenticating into the Workspace ONE catalog using a device platform to which the authentication policy changes were applied. You should be redirected directly to authenticate with Okta credentials.

11. Confirm Successful Authentication into Workspace ONE Catalog

Upon successful authentication with Okta, you are granted access to the Workspace ONE catalog.

Summary and Additional Resources

Conclusion

This tutorial provided steps to configure Workspace ONE as a third-party identity provider in Okta, create routing rules in Okta, add applications federated with Okta to the Workspace ONE app catalog, and configure Okta as a third-party identity provider in Workspace ONE.

Additional Resources

For more information about Workspace ONE, you can explore the following resources:

- VMware Workspace ONE Action Path
- VMware Workspace ONE product page
- VMware Workspace ONE Documentation
- VMware Identity Manager product page
- VMware Identity Manager Documentation
- VMware Workspace ONE UEM, powered by VMware AirWatch product page
- VMware AirWatch Documentation
- VMware Workspace ONE free trial
- VMware Workspace ONE Cloud-Based Reference Architecture
- VMware Workspace ONE and VMware Horizon 7 Enterprise Edition On-premises Reference Architecture
- VMware End-User-Computing Blogs
- Workspace ONE UEM Hands-On Lab

About the Author

This exercise was written by: Camilo Lotero, Senior Technical Marketing Manager, End-User-Computing Technical Marketing, VMware

Feedback

The purpose of this tutorial is to assist you. Your feedback is valuable. To comment on this tutorial, contact VMware End-User-Computing Technical Marketing at euc_tech_content_feedback@vmware.com.

VMware, Inc. 3401 Hillview Avenue Palo Alto CA 94304 USA Tel 877-486-9273 Fax 650-427-5001 www.vmware.com Copyright 2017 VMware, Inc. All rights reserved. This product is protected by U.S. and international copyright and intellectual property laws. VMware products are covered by one or more patents listed at http://www.vmware.com/go/patents. VMware is a registered trademark or trademark of VMware, Inc. in the United States and/or other jurisdictions. All other marks and names mentioned herein may be trademarks of their respective companies.