SSO With VMware Workspace ONE

Last modified on September 17, 2024

This document details the steps to set up VMware Workspace ONE single sign-on (SSO) to manage authentication for StrongDM.

Steps

  1. In Workspace ONE, click Catalog and then click New to create a new SSO application with an OpenID Connect authentication type.
  2. On the Settings tab, configure the application by entering the following information (do not use a trailing slash for the URLs):
    1. Authentication Type: Select OpenID Connect.
    2. Client ID: Enter strongdmoidc or any other string value.
    3. Redirect URL: Set https://app.strongdm.com/auth/return.
    4. Target URL: Set https://app.strongdm.com.
      Configure Application
      Configure Application
  3. Click Save to create the app. Copy the Client ID and Client Secret values. You will need these values in the next step.
  4. Next, enter the account details in the StrongDM Admin UI. Go to Settings > User Management. In the Single Sign-on section, set the following:
    1. Provider: Select VMWare Workspace ONE.
    2. Single sign-on URL: Add your URL (https://<YOUR-ORG>.workspaceoneaccess.com/SAAS/auth). Do not include a trailing slash for the URL.
    3. Client ID: Paste your client ID.
    4. Client Secret: Paste your client secret.
  5. Select your desired general SSO settings and click activate.
    Configure Workspace ONE SSO in StrongDM
    Configure Workspace ONE SSO in StrongDM
  6. Confirm user access by doing the following:
    1. In Workspace One, make sure your users are entitled to the app you just created.
    2. In StrongDM, make sure you have created users whose email addresses match those in VMware exactly.
    3. In StrongDM, assign a Role to your test user that will grant access to one or more resources.
    4. Install the StrongDM Client, and try logging in with a VMware account.

If your test is successful, you should be ready to roll out SSO to your teams.