Up until Workspace ONE UEM Console 1810, the SAML authentication login flow was executed only when the Organization Group ID (GID) was entered as a parameter in the console login URL. If the GID is not provided, the Administrator is asked to enter a password, even if SAML is configured for authentication, thus bypassing the entire SAML flow and not adhering to standards of Identity Federation.
With the upcoming Workspace ONE UEM Console 1811 release, the Console login page is being modified to accept only the Administrator username, which will be used to identify the Organization Group (OG) in which the admin was created. The OG will then be checked to determine whether SAML is enabled and configured; if it is, the SAML authentication flow will be enforced.
If SAML is not enabled at the OG or if the username is invalid, then the Administrator will be presented with the password field to facilitate the normal login flow.
The changes offer a major improvement to the user experience for Customers and their Administrators that use SAML as their preferred mode of authenticating admins into the UEM Console. These changes also enhance the Single-Sign-On (SSO) experience during subsequent logins.
Please note that a known issue prevents SAML Admins from accessing the SaaS apps and access policies pages from within the UEM Console. The recommended workaround for SAML admins is to access SaaS apps and access policies from the VMware Identity Manager (vIDM) Console that has been integrated with the UEM Console.
The vIDM Console URL can be viewed at Groups & Settings > All Settings > System > Enterprise Integration > VMware Identity Manager > Configuration in the UEM Console.
Support Contact Information
The VMware Workspace ONE Team