# SSO With VMware Workspace ONE

This document details the steps to set up VMware Workspace ONE single sign-on (SSO) to manage authentication for StrongDM.

### Steps

{% hint style="info" %}
These instructions vary based on your organization's StrongDM region (not your individual location).
{% endhint %}

{% tabs %}
{% tab title="US" %}

1. In Workspace ONE, click **Catalog** and then click **New** to create a new SSO application with an **OpenID Connect** authentication type.
2. On the **Settings** tab, configure the application by entering the following information (do not use a trailing slash for the URLs):
   1. **Authentication Type:** Select **OpenID Connect**.
   2. **Client ID:** Enter **strongdmoidc** or any other string value.
   3. **Redirect URL:** `https://app.strongdm.com/auth/return`
   4. **Target URL:** `https://app.strongdm.com`
3. Click **Save** to create the app.
4. Copy the **Client ID** and **Client Secret** values. You will need these values in the next step.
5. Next, enter the account details in the StrongDM Admin UI. Go to **Settings** > **User Management**. In the **Single Sign-on** section, set the following:
   1. **Provider**: Select **VMWare Workspace ONE**.
   2. **Single Sign-on URL**: Add your URL in the format `https://yourorg.workspaceoneaccess.com/SAAS/auth`. Do not include a trailing slash.
   3. **Client ID**: Paste your Client ID.
   4. **Client Secret:** Paste your Client Secret.
   5. Select your desired General SSO settings, then click **Activate.**
6. Confirm user access by doing the following:
   1. In Workspace ONE, make sure your users are entitled to the app you just created.
   2. In StrongDM, make sure you have created users whose email addresses match those in VMware exactly.
   3. In StrongDM, assign a role to your test user that will grant access to one or more resources.
   4. Install the [StrongDM Client](https://app.gitbook.com/s/HaY8OFbXUreWEF61MhKm/client), and try logging in with a VMware account.

If your test is successful, you should be ready to roll out SSO to your teams.
{% endtab %}

{% tab title="UK" %}
*Follow instructions in the tab for the region of your organization's StrongDM control plane, not your own location. The default control plane region is US.*

1. In Workspace ONE, click **Catalog** and then click **New** to create a new SSO application with an **OpenID Connect** authentication type.
2. On the **Settings** tab, configure the application by entering the following information (do not use a trailing slash for the URLs):
   1. **Authentication Type:** Select **OpenID Connect**.
   2. **Client ID:** Enter **strongdmoidc** or any other string value.
   3. **Redirect URL:** `https://app.uk.strongdm.com/auth/return`
   4. **Target URL:** `https://app.uk.strongdm.com`
3. Click **Save** to create the app.
4. Copy the **Client ID** and **Client Secret** values. You will need these values in the next step.
5. Next, enter the account details in the StrongDM Admin UI. Go to **Settings** > **User Management**. In the **Single Sign-on** section, set the following:
   1. **Provider**: Select **VMWare Workspace ONE**.
   2. **Single Sign-on URL**: Add your URL in the format `https://yourorg.workspaceoneaccess.com/SAAS/auth`. Do not include a trailing slash.
   3. **Client ID**: Paste your Client ID.
   4. **Client Secret:** Paste your Client Secret.
   5. Select your desired General SSO settings, then click **Activate.**
6. Confirm user access by doing the following:
   1. In Workspace ONE, make sure your users are entitled to the app you just created.
   2. In StrongDM, make sure you have created users whose email addresses match those in VMware exactly.
   3. In StrongDM, assign a role to your test user that will grant access to one or more resources.
   4. Install the [StrongDM Client](https://app.gitbook.com/s/HaY8OFbXUreWEF61MhKm/client), and try logging in with a VMware account.

If your test is successful, you should be ready to roll out SSO to your teams.
{% endtab %}

{% tab title="EU" %}
*Follow instructions in the tab for the region of your organization's StrongDM control plane, not your own location. The default control plane region is US.*

1. In Workspace ONE, click **Catalog** and then click **New** to create a new SSO application with an **OpenID Connect** authentication type.
2. On the **Settings** tab, configure the application by entering the following information (do not use a trailing slash for the URLs):
   1. **Authentication Type:** Select **OpenID Connect**.
   2. **Client ID:** Enter **strongdmoidc** or any other string value.
   3. **Redirect URL:** `https://app.eu.strongdm.com/auth/return`
   4. **Target URL:** `https://app.eu.strongdm.com`
3. Click **Save** to create the app.
4. Copy the **Client ID** and **Client Secret** values. You will need these values in the next step.
5. Next, enter the account details in the StrongDM Admin UI. Go to **Settings** > **User Management**. In the **Single Sign-on** section, set the following:
   1. **Provider**: Select **VMWare Workspace ONE**.
   2. **Single Sign-on URL**: Add your URL in the format `https://yourorg.workspaceoneaccess.com/SAAS/auth`. Do not include a trailing slash.
   3. **Client ID**: Paste your Client ID.
   4. **Client Secret:** Paste your Client Secret.
   5. Select your desired General SSO settings, then click **Activate.**
6. Confirm user access by doing the following:
   1. In Workspace ONE, make sure your users are entitled to the app you just created.
   2. In StrongDM, make sure you have created users whose email addresses match those in VMware exactly.
   3. In StrongDM, assign a role to your test user that will grant access to one or more resources.
   4. Install the [StrongDM Client](https://app.gitbook.com/s/HaY8OFbXUreWEF61MhKm/client), and try logging in with a VMware account.

If your test is successful, you should be ready to roll out SSO to your teams.
{% endtab %}
{% endtabs %}
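
A pre-flight check for the values entered in the steps above, as an added example that is not StrongDM or VMware code: it confirms that the redirect and target URLs belong to the selected region, flags trailing slashes, and lists StrongDM user emails that do not exactly match an address in Workspace ONE. The function names and sample values are hypothetical, and only the scheme and path of the Single Sign-on URL are checked because the host depends on your tenant (an assumption).

```python
from urllib.parse import urlsplit

# Per-region StrongDM base URLs, copied from the steps above.
REGION_BASE = {
    "US": "https://app.strongdm.com",
    "UK": "https://app.uk.strongdm.com",
    "EU": "https://app.eu.strongdm.com",
}

def check_sso_settings(region, redirect_url, target_url, sso_url):
    """Return a list of problems; an empty list means the values follow the guide."""
    base = REGION_BASE.get(region)
    if base is None:
        return [f"unknown region {region!r}"]
    problems = []
    fields = {"Redirect URL": redirect_url, "Target URL": target_url,
              "Single Sign-on URL": sso_url}
    for name, value in fields.items():
        if value != value.strip():
            problems.append(f"{name}: surrounding whitespace")
        if value.strip().endswith("/"):
            problems.append(f"{name}: trailing slash")
        if urlsplit(value.strip()).scheme != "https":
            problems.append(f"{name}: must use https")
    # Compare with the slash removed so a wrong region is reported separately.
    if redirect_url.strip().rstrip("/") != base + "/auth/return":
        problems.append(f"Redirect URL: expected {base}/auth/return for {region}")
    if target_url.strip().rstrip("/") != base:
        problems.append(f"Target URL: expected {base} for {region}")
    sso = urlsplit(sso_url.strip().rstrip("/"))
    if not sso.hostname or sso.path != "/SAAS/auth":
        problems.append("Single Sign-on URL: expected https://<tenant host>/SAAS/auth")
    return problems

def email_mismatches(idp_emails, strongdm_emails):
    """StrongDM emails with no exact IdP match, paired with a near match if one exists."""
    exact = set(idp_emails)
    folded = {e.strip().casefold(): e for e in idp_emails}
    return [(e, folded.get(e.strip().casefold()))
            for e in strongdm_emails if e not in exact]

if __name__ == "__main__":
    # Constructed sample: EU organization, but US redirect URL with a trailing slash.
    for p in check_sso_settings("EU", "https://app.strongdm.com/auth/return/",
                                "https://app.eu.strongdm.com",
                                "https://yourorg.workspaceoneaccess.com/SAAS/auth"):
        print("FAIL", p)
    # Constructed sample addresses: one differs only by letter case.
    print(email_mismatches(["Alice@example.com"], ["alice@example.com"]))
```

A near match in the second element of a returned pair points to a case or whitespace difference to correct before testing the login.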

