1. Enter "{yourtenant}-idp" for the Identity Provider Name.  
   NOTE - Replace {yourtenant} with the actual name of your IDP IDM Tenant!
2. Click the File Explorer shortcut from the Task bar.

1. Click Downloads.
2. Double-click idp.xml to open the file.

Back in the Main IDM Tenant,

1. Right-click within the SAML Metadata text field.
2. Click Paste.
3. Click Process IdP Metadata.

After processing the provided IdP Metadata from IDP IDM Tenant, you'll see that the Name ID Format Mappings have been completed.  Rather than setting these values up manually, we simply provided the IdP Meatadata to populate these values.

Continue to the next step.

1. Scroll down to find the Users, Network, and Authentication Methods sections.
2. Enable the Company_Directory_##### users to authenticate with this 3rd Party IDP.  The Company_Directory_##### directory was auto-created from AirWatch when we integrated VMware Identity Manager and synced our corp.local users.  This directory contains the users from corp.local.
3. Enable ALL RANGES for the Network.
4. Enter "{yourtenant}-idp-password" for the Authentication Methods name.  This name will be displayed in our Access Policies in the upcoming steps to determine how users authenticate.
   NOTE - Be sure to replace {yourtenant} with the name of your actual IDP IDM Tenant!
5. Click the SAML Context dropdown and select urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport from the list.  This dictates how our SAML assertion will be sent to our IDP IDM Tenant for authentication.

Scroll down to the bottom of the page.

1. Right-click the Service Provider (SP) Metadata link.
2. Click Save link as...

Click Add.

1. Click Configuration.
2. Click Add Policy Rule.

1. Select ALL RANGES for the network range.
2. Select All Device Types for the device type.
3. Click the Groups textbox to display the list of available groups.
4. Click [email protected].

1. Scroll down to the bottom.
2. Select Authenticate Using... for the action.
3. Select {yourtenant}-idp-password from the list for the primary authentication method.  REMEMBER - this will be the name of the authentication method you entered while configuring the 3rd Party IdP earlier and should have your actual tenant name instead of "yourtenant"!
4. Select Password (Local Directory) from the list for the fallback authentication method.
5. Click Save.

1. Click and drag the Policy Rule you created using the {yourtenant}-idp-password authentication type to the top of the list.
   NOTE - Your created Policy Rule should appear above the other default policy rules before continuing!
2. Click Next.

Review the configuration details as desired and then click Save.