
Display OneLogin Federated Applications in VMware Workspace ONE Portal


Use Case:

An organization wants to use OneLogin to federate with SaaS applications and utilize VMware Workspace ONE for conditional access and unified app portal (catalog/launcher).

Users will be able to log into Workspace ONE unified portal and see apps federated with OneLogin and VMware Identity Manager (Workspace ONE). When users click on apps in the unified portal (OneLogin federated or VMware Identity Manager federated), they experience seamless SSO.

 

Prerequisites:

  • Workspace ONE (VMware Identity Manager) configured as IDP for OneLogin. See the following guide to learn how to set it up:

VMware Identity Manager as federated Identity Provider for OneLogin

  • A SaaS application federated with your OneLogin tenant. For simplicity, this tutorial uses Salesforce.com. In your setup, substitute your own app.
  • This tutorial assumes you have a basic understanding of federated identity concepts.

 

Steps:

  1. Configure direct app level signon in OneLogin.
  2. In VMware Identity Manager, configure direct signon into OneLogin federated app.
  3. Test.

 

Detailed steps are provided below.


1. Configure direct app level signon in OneLogin 

  • Log into OneLogin admin interface and go to SETTINGS > Trusted IdPs > VMware Identity Manager.
  • Ensure "Sign users into OneLogin" and "Sign users into additional applications" are checked.
  • Click SAVE


  • Select "App" tab
  • Check "Salesforce" app


 

  • Click on the link for the "Salesforce" app and copy the SAML Signon URL. The OneLogin SAML Signon URL enables an identity provider to sign users directly into an app without the users going to the OneLogin portal. This URL will be used in the next step.


 

2. In VMware Identity Manager, configure direct signon into OneLogin federated app

  • Configure VMware Identity Manager as IDP with OneLogin using the steps in the following guide:

VMware Identity Manager as federated Identity Provider for OneLogin

  • In VMware Identity Manager, go to Catalog > Application Catalog and select the "OneLogin" application.
  • Select "Details" section under Application Info.


 

  • Under Application Details, change Application Name from "OneLogin" to "Salesforce (OneLogin Federated)".
  • Click Save.


 

  • Click "Configuration".
  • Copy SAML Signon URL from step 1 to "Assertion Consume Service" text box.


 

  • Click Save.
  • If you have multiple applications, please repeat step 2 for each application.
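Because step 2 is repeated by hand for every application, a pasted URL can easily end up in the wrong catalog entry or point at the wrong host, which would send signed assertions somewhere other than your OneLogin tenant. The following pre-flight check is an added example, not part of the original post or of either product; the tenant hostname and the sample URLs are constructed placeholders and do not reflect the real OneLogin Signon URL format.

```python
from urllib.parse import urlsplit


def check_acs_urls(entries, expected_host):
    """Return (app_name, problem) tuples for catalog entries whose URL looks wrong.

    entries: catalog application name -> URL pasted into the assertion consumer box.
    expected_host: hostname of your OneLogin tenant (assumption: supplied by the admin).
    """
    problems = []
    seen = {}  # normalized URL -> first catalog entry that used it
    for app, raw in entries.items():
        parts = urlsplit(raw.strip())
        host = (parts.hostname or "").lower()
        if parts.scheme != "https":
            problems.append((app, "not https"))
        if parts.username or parts.password:
            problems.append((app, "embedded credentials"))
        if host != expected_host.lower():
            # Exact match only: a lookalike such as tenant.example.other.test must fail.
            problems.append((app, f"unexpected host {host!r}"))
        if parts.fragment:
            problems.append((app, "fragment present"))
        # Each app has its own Signon URL, so a repeat means a copy/paste slip.
        key = (host, parts.path.rstrip("/"), parts.query)
        if key in seen:
            problems.append((app, f"same URL as {seen[key]!r}"))
        else:
            seen[key] = app
    return problems


# Constructed sample input: three catalog entries, two of them misconfigured.
SAMPLE = {
    "Salesforce (OneLogin Federated)": "https://tenant.example/signon/app-1",
    "Second App (OneLogin Federated)": "https://tenant.example/signon/app-1",
    "Third App (OneLogin Federated)": "http://tenant.example.other.test/signon/app-3",
}

if __name__ == "__main__":
    for app, problem in check_acs_urls(SAMPLE, "tenant.example"):
        print(f"{app}: {problem}")
```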


Test federation connection

Before we start testing, it might help to review our test environment setup. The following diagram provides a high-level overview:

 

[Diagram: test environment setup]

 

SP initiated authentication flow

    This can be tested by going to your OneLogin federated app, for example the Salesforce.com My Domain URL (e.g. https://onloginworkspace-dev-ed.my.salesforce.com).

     The following video demonstrates this login flow:

     https://youtu.be/yP7qL5kX4c4

 

IDP initiated authentication flow

    This can be tested by going to your Workspace ONE (VMware Identity Manager) unified portal (e.g. https://acmecorp.vmwareidentity.com).

    The following video demonstrates this login flow:

    https://youtu.be/7T-AvRWiOec

   

Also check out:

VMware Workspace ONE and OneLogin Integration Use Cases

