Okta

How to Configure SAML 2.0 for AirWatch Admin Portal


Read this before you enable SAML

AirWatch Admin Portal OAN application can be used for the Admin Portal access and user device enrollment.

In order to enroll your device, use the mobile AirWatch MDM Agent. It is available from most mobile application stores.

You can find more information here: http://www.air-watch.com/solutions/mobile-device-management/.

Contents


Supported Features

The Okta/AirWatch Admin Portal SAML integration currently supports the following features:

For more information on the listed features, visit the Okta Glossary.


Configuration Steps

  1. Login to your AirWatch Admin Portal Account.

  2. Select Groups and Settings:

    “Airwatch1.png"

  3. Select All Settings:

    “Airwatch2.png"

  4. Select Enterprise Integration:

    “Airwatch3.png"

  5. Select Directory Services:

    “Airwatch4.png"

  6. Enter the following settings (see screen shot at end of step for reference):

    • Check the Use SAML for Authentication box.

    • In the SAML Section:

      • Service Provider ID: Make sure this is AirWatch.

      • Identity Provider ID: Copy and paste the following into this field.

        Sign into the Okta Admin Dashboard to generate this variable.

    • In the REQUEST section:

      • Request Binding Type: Select POST.

      • Identity Provider Single Sign On URL: Copy and paste the following into this field:

        Sign into the Okta Admin Dashboard to generate this variable.

      • NameID Format: Select Unspecified.

    “Airwatch5.png"

  7. Continue with the following settings (see screen shot at end of step for reference):

    • In the RESPONSE Section:

      • Response Binding Type: Select POST.

      • Leave the other values as-is.

      • Make a copy of the value in the Sp Assertion Url field.

    • In the CERTIFICATE section, first download then Upload the following certificate:

      Sign into the Okta Admin Dashboard to generate this variable.

    • Select Save

    “Airwatch6.png"

  8. In Okta, select the Sign On tab for the AirWatch Admin Portal SAML app, then click Edit:

    • In the SAML ACS Url field enter the following value:

      [yourAirwatchHost]/[Sp Assertion Url]

      Where the [Sp Assertion Url] value is the one you made a copy of in step 7 without the ~ character.

    • Click Save

    airwatch_newa.png

  9. Done!


Notes

SP-initiated SSO

Open the following URL: [yourAirwatchHost]/AirWatch/Login?GID=[yourAirwatchGroupID]