
Configuring VMware Workspace One For SSO

This section documents the standard configuration for VMware Workspace One as an identity provider to support logging in to the DataGrail app. With this configuration, user roles must be managed within DataGrail.

Persons Needed to Complete Configuration: IT Person from your organization

  1. Navigate to Catalog, Web Apps, and select New.
  2. Enter a Name and Description. Select Next.
  3. Complete the app Configuration.
SAML Configuration

Authentication Type: SAML 2.0

Configuration: Manual

Single Sign-On URL (ACS URL): https://<subdomain>.datagrail.io/saml/auth

Recipient URL: https://<subdomain>.datagrail.io/saml/auth

Application ID (Entity ID): https://<subdomain>.datagrail.io/saml/metadata

Username Format: Email Address

Username Value (Name ID Value): ${user.email}

<subdomain> should be replaced with the subdomain configured for your account. If you log in to DataGrail at yourcompanyname.datagrail.io, your subdomain will be yourcompanyname.

If you are unclear on what your subdomain would be, please confirm with your Account Manager or reach out to support@datagrail.io.

  4. Select Advanced Properties and complete the configuration.
Advanced Properties Configuration

Sign Response: true

Sign Assertion: true

Encrypt Assertion: false

Include Assertion Signature: false

Device SSO Response: false

Enable Force Authn Request: true

Signature Algorithm: SHA256

Digest Algorithm: SHA256

Assertion Time: 200

Application Login URL: https://<subdomain>.datagrail.io/saml/login

<subdomain> should be replaced with the subdomain configured for your account. If you log in to DataGrail at yourcompanyname.datagrail.io, your subdomain will be yourcompanyname.

If you are unclear on what your subdomain would be, please confirm with your Account Manager or reach out to support@datagrail.io.

  5. Select Next to navigate to the Configuration page and enter the required details.
Configuration Details

Custom Attribute Mapping

| Name | Format | Namespace | Value |
| --- | --- | --- | --- |
| first_name | Basic | | ${user.firstName} |
| email | Basic | | ${user.email} |
| last_name | Basic | | ${user.lastName} |

Open in Workspace One: Yes if desired

Show in User Portal: Yes

  6. Select Next to navigate to the Access Policies page and select the appropriate policy to make the application accessible to users.
  7. Verify that all the fields are correctly assigned, then select Save & Assign.
  8. Under the new WebApp, navigate to SAAS, SAML Metadata, and find and copy Identity Provider (IdP) Metadata.
  9. Send the Identity Provider (IdP) Metadata to DataGrail at support@datagrail.io. We will complete the configuration.
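
A structural check of the SAML Configuration, Advanced Properties and Custom Attribute Mapping settings above, as an added example (not DataGrail or VMware code): it inspects a base64-decoded SAML Response from a test login and lists anything that differs from this page. The function names and the sample response are constructed for illustration, the emailAddress NameID format and rsa-sha256 URI in the sample are assumptions about what the IdP emits, and signatures are only checked for presence and algorithm, not cryptographically verified.

```python
import xml.etree.ElementTree as ET

NS = {"p": "urn:oasis:names:tc:SAML:2.0:protocol",
      "a": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

def lint_response(xml_text, subdomain):
    """List mismatches with this page's settings; structural only, signatures are NOT verified."""
    base = f"https://{subdomain}.datagrail.io/saml"
    resp = ET.fromstring(xml_text)
    assertion = resp.find("a:Assertion", NS)
    if resp.find("a:EncryptedAssertion", NS) is not None or assertion is None:
        return ["assertion missing or encrypted (page sets Encrypt Assertion: false)"]
    findings = [] if resp.get("Destination") == f"{base}/auth" else ["Destination is not the ACS URL"]
    for label, node in (("Response", resp), ("Assertion", assertion)):
        sig = node.find("ds:Signature", NS)  # direct child only: Sign Response / Sign Assertion
        if sig is None:
            findings.append(f"{label} is not signed")
        for tag in ("SignatureMethod", "DigestMethod") if sig is not None else ():
            alg = sig.find(f".//ds:{tag}", NS)
            if alg is None or not alg.get("Algorithm", "").lower().endswith("sha256"):
                findings.append(f"{label} {tag} is not SHA256")
    scd = assertion.find("a:Subject/a:SubjectConfirmation/a:SubjectConfirmationData", NS)
    if scd is None or scd.get("Recipient") != f"{base}/auth":
        findings.append("Recipient is not the ACS URL")
    audiences = [e.text for e in assertion.findall(".//a:Audience", NS)]
    if f"{base}/metadata" not in audiences:
        findings.append("Audience is not the Entity ID")
    name_id = assertion.find("a:Subject/a:NameID", NS)
    if name_id is None or not name_id.get("Format", "").endswith("emailAddress"):
        findings.append("NameID format is not Email Address")
    names = {e.get("Name") for e in assertion.findall(".//a:Attribute", NS)}
    for missing in sorted({"first_name", "email", "last_name"} - names):
        findings.append(f"attribute {missing} is missing")
    return findings

def sample_response(subdomain="yourcompanyname", sign_assertion=True):
    """Constructed sample, not captured traffic; the signature elements hold no real values."""
    base = f"https://{subdomain}.datagrail.io/saml"
    sig = ('<ds:Signature><ds:SignedInfo><ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>'
           '<ds:Reference><ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/></ds:Reference>'
           '</ds:SignedInfo></ds:Signature>')
    attrs = "".join(f'<a:Attribute Name="{n}"/>' for n in ("first_name", "email", "last_name"))
    return (f'<p:Response xmlns:p="{NS["p"]}" xmlns:a="{NS["a"]}" xmlns:ds="{NS["ds"]}" Destination="{base}/auth">'
            f'{sig}<a:Assertion>{sig if sign_assertion else ""}<a:Subject>'
            f'<a:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">user@example.com</a:NameID>'
            f'<a:SubjectConfirmation><a:SubjectConfirmationData Recipient="{base}/auth"/></a:SubjectConfirmation></a:Subject>'
            f'<a:Conditions><a:AudienceRestriction><a:Audience>{base}/metadata</a:Audience></a:AudienceRestriction></a:Conditions>'
            f'<a:AttributeStatement>{attrs}</a:AttributeStatement></a:Assertion></p:Response>')
```

An empty list from `lint_response` means the response matches the settings on this page; a mismatch on Destination, Recipient or Audience usually points to the wrong subdomain in the app configuration.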
Inviting New Users

For more information on adding users and managing roles, see Inviting New Users.

 

Need help?
If you have any questions, please reach out to your dedicated Account Manager or contact us at support@datagrail.io.

Disclaimer: The information contained in this message does not constitute legal advice. We would advise seeking professional counsel before acting on or interpreting any material.