By establishing trust between your Main IDM Tenant and IDP IDM Tenant by importing the Identity Provider Metadata, we were able to create an application that leveraged the Service Provider Metadata to single sign on your local aduser account from your IDP IDM Tenant into your Main IDM Tenant.
Although we used two VMware Identity Manager tenants for this exercise, establishing trust between another 3rd Party Identity Provider (IdP) (such as Okta, Ping, or ADFS) follows the same principals:
- Retrieve the Identity Provider (IdP) Metadata from your 3rd Party IDP.
- Create a 3rd Party IDP in VMware Identity Manager and provide the IDP Metadata to establish trust. Export the Service Provider Metadata during this step.
- Provide the Service Provider to your 3rd Party IDP to inform it on how to create the SAML Assertion for consumption by VMware Identity Manager.
Although the configuration in the 3rd Party IDP can differ from solution to solution, the overall flow remains the same and can be implemented with the same logic.