Log In as a Domain User

Now that we've established trust between AD FS (the Identity Provider) and our Workspace ONE Access tenant (the Service Provider), and configured our Relying Party Claim Rules to transform the incoming claim and issue it in a format that our Workspace ONE Access tenant can process, we need to log in as a corp.local domain user and validate that our configuration is working.

1. Connect to the Windows 10 VM

Double-click the Win10-01a.rdp remote desktop connection shortcut from the Desktop.

2. Authenticate as a Domain User in the Browser

Open Google Chrome from the desktop:

  1. Navigate to your Workspace ONE Access tenant URL (https://{yourTenant}.vidmpreview.com).
    NOTE: Replace {yourTenant} with the name of your actual tenant!
  2. Enter holuser for the username.
  3. Click Next.

NOTE: The authentication may take several seconds to process. Please be patient after clicking Next.

2.1. Confirm Authentication was Successful

Notice that the user was logged in to the Workspace ONE Access tenant without having to enter their credentials. When you logged in as holuser, the 3rd party Identity Provider you configured attempted to authenticate the user using Kerberos first. After AD FS processes the claim, it transforms it via the Claim Rules we created earlier and responds in a format that Workspace ONE Access is able to process, thus authorizing the user to log in using SAML.

  1. Click the User dropdown.
  2. Click Sign Out.

NOTE: Signing out may take several seconds to process from AD FS.  Please wait until you are taken back to the Workspace ONE Access login page.

This will clear the login cookie for holuser. The next exercise will showcase using the VMware Workspace ONE App to log in, so the cookie needs to be cleared first.
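To confirm what AD FS actually issued during the sign-in in step 2.1, you can inspect the base64 SAMLResponse form field captured from your own browser session. The following is an added example, not part of the original lab: the issuer, audience and NameID format values are constructed placeholders, and you should substitute the values from your own claim rules and tenant metadata.

```python
import base64
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Constructed sample response; hosts and the NameID format are placeholders/assumptions.
SAMPLE_XML = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>
  <saml:Assertion>
    <saml:Issuer>http://adfs.example.test/adfs/services/trust</saml:Issuer>
    <saml:Subject><saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">holuser@corp.local</saml:NameID></saml:Subject>
    <saml:Conditions NotBefore="2024-01-01T10:00:00Z" NotOnOrAfter="2024-01-01T11:00:00Z">
      <saml:AudienceRestriction><saml:Audience>https://tenant.example.test/sp</saml:Audience></saml:AudienceRestriction>
    </saml:Conditions>
  </saml:Assertion>
</samlp:Response>"""
SAMPLE_B64 = base64.b64encode(SAMPLE_XML.encode()).decode()

def _ts(value):
    # SAML timestamps are UTC with a trailing "Z"
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def check_saml_response(b64, issuer, audience, nameid_format, now):
    """Return a list of problems; empty means every check passed.
    Inspection only: this does NOT verify the XML signature."""
    root = ET.fromstring(base64.b64decode(b64))  # only for responses you captured yourself
    problems = []
    status = root.find("samlp:Status/samlp:StatusCode", NS)
    if status is None or not status.get("Value", "").endswith(":Success"):
        problems.append("status is not Success")
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        return problems + ["no cleartext assertion"]
    if assertion.findtext("saml:Issuer", "", NS).strip() != issuer:
        problems.append("unexpected issuer")
    nameid = assertion.find("saml:Subject/saml:NameID", NS)
    if nameid is None or nameid.get("Format") != nameid_format:
        problems.append("NameID missing or wrong format")
    audiences = [a.text.strip() for a in assertion.iterfind(".//saml:Audience", NS) if a.text]
    if audience not in audiences:
        problems.append("audience mismatch")
    cond = assertion.find("saml:Conditions", NS)
    if cond is None or not (cond.get("NotBefore") and cond.get("NotOnOrAfter")):
        problems.append("validity window missing")
    elif not _ts(cond.get("NotBefore")) <= now < _ts(cond.get("NotOnOrAfter")):
        problems.append("outside validity window")
    return problems
```

An empty list from check_saml_response means the issuer, NameID format, audience and validity window all match what the Service Provider expects; any entry names the mismatch to chase in the claim rules or trust configuration.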

3. Authenticate as a Domain User in the VMware Workspace ONE App

  1. Launch the VMware Workspace ONE app.
  2. Enter your Workspace ONE Access tenant URL (https://{yourtenant}.vidmpreview.com).
    NOTE: Replace {yourtenant} with the name of your actual tenant!
  3. Click Continue.

3.1. Log In as a corp.local Domain User

  1. Enter holuser for the username.  This is one of the corp.local domain users we synced.
  2. Uncheck Remember this setting.
  3. Click Next.

NOTE: The authentication process may take several seconds after clicking Next.  Please be patient and wait until the next page loads.

3.2. Confirm Authentication was Successful

As seen in your browser session, the claim is transformed and the outgoing claim authorizes the user to access Workspace ONE via SAML without having to enter their credentials.

After successfully authenticating, you should see a message indicating that your workspace is being configured, and eventually that the workspace is ready.  

Click Enter.
