Configuring Omnissa Access as an IDP in Island Enterprise Browser
In this blog
Introduction
Secure and seamless access to applications is more critical than ever. As organizations adopt modern security frameworks like Zero Trust, integrating a reliable Identity Provider (IDP) becomes a key component of their strategy. In this blog, we'll walk you through how to integrate Omnissa Access as an IDP for the Island Enterprise Browser—a powerful combination that enhances secure browsing while ensuring centralized identity and access management.
But first, let's introduce the players, what it is they say they do, and why they work well together:
The Players
Island Enterprise Browser
Island positions its Enterprise Browser as "work's next chapter," embedding zero‑trust security, granular data‑loss‑prevention controls, phishing protection, and deep activity visibility directly in a Chromium‑based browser experience. Because the controls live in the browser itself, IT can onboard third‑party contractors in minutes, give BYOD users a managed workspace, and log every work‑related click, without bolting on extra agents or proxies.
Omnissa Access
Omnissa Access is an identity‑and‑access‑management (IAM) platform that federates single sign‑on (SSO) across SaaS, virtual desktops, mobile, and traditional apps. Beyond SAML/OIDC SSO, Access layers conditional‑access policy, device‑compliance checks through its integration with Workspace ONE UEM, User and Login Risk scores via its integration with Intelligence and an app catalog that feels like an enterprise app store—all from a cloud‑native or on‑prem deployment. Further, Omnissa Access is a compelling choice for an Identity Provider (IDP) and Identity and Access Management (IAM) solution due to its robust security, seamless user experience, and scalability. It enables organizations to centralize authentication across all applications—cloud, on-premises, or hybrid—ensuring secure, consistent access management. With features like Single Sign-On (SSO), multi-factor authentication (MFA), and detailed access controls, Omnissa Access strengthens security while reducing friction for end users. Its integration capabilities with popular enterprise platforms and flexible policy management empower IT teams to enforce compliance, streamline onboarding and offboarding, and adapt quickly to organizational changes. This makes it ideal for modern businesses prioritizing both security and user productivity.
Why Identity‑Provider (IDP) & Just‑in‑Time (JIT) Provisioning matters to Island
1. A single source of truth for who can work
Island supports both IdP‑ and SP‑initiated SAML/OIDC flows and natively honors JIT user provisioning. When Island trusts an external IDP—such as Access—the moment a user successfully authenticates, Island automatically spins up (or de‑provisions) that browser profile with the right role, policies, and telemetry. No separate account‑sync jobs, no dangling identities.
2. Frictionless, risk‑aware access
Linking to an IDP means Island can inherit everything the identity layer already knows: MFA context, device posture scores, group memberships, even risk signals from User and Entity Behavior Analytics (UEBA) tools. That lets security teams write truly contextual policies—block clipboard on finance apps for contractors, allow paste for employees on managed laptops, for example—right in the browser UI without re‑implementing authentication.
Better Together: Island + Omnissa Access
When you designate Access as the IDP for Island, you unite two complementary control planes:
| Challenge | Omnissa Access | Island Enterprise Browser |
|---|---|---|
| Identity assurance | SAML/OIDC SSO, MFA adapters, conditional‑access engine | Enforces that identity at the last mile (the browser tab) |
| Device & posture checks | Compliance status from Workspace ONE UEM, risk scoring from Workspace ONE Intelligence | Real‑time policy (copy/paste, downloads, watermarking) based on those checks |
| User lifecycle | Automated JIT provisioning/de‑provisioning | Instant application of or removal of browser policies and audit logging |
| User experience | One‑click launch from Access catalog on any device | Familiar Chromium UX with zero extra logins |
Together they deliver end‑to‑end zero‑trust: Access verifies who and on what, Island controls what they can do next. Users enjoy seamless SSO; admins close visibility gaps between identity, endpoint, and browser. The result is faster contractor onboarding, safer BYOD programs, and dramatically lower risk of data leakage—without compromising productivity.
Configure SSO Integration in Island using Omnissa Access
To set up SSO integration in the Island Enterprise Browser, perform the following steps:
Note: this integration is performed using Island Enterprise Browser version 1.64.31 and Omnissa Access SaaS version 2412.
To configure this integration, you will start in the Omnissa Access Console.
From the Access Console, navigate to resources > web apps and click on the Settings button. From the settings popout navigate to SaaS Apps > SAML Metadata.
Launch the metadata information into a tab window.
From the new tab find the SAML:2.0:bindings"HTTP-Redirect location and copy the URL. Close the tab.
Copy the entire Signing Certificate from -----BEGIN CERTIFICATE through END CERTIFICATE-----
From the Island Management Console, navigate to Modules > Platform > System Settings > Integrations > IDP > User IDP Integration.
Click Setup for the Other SSO solutions
Click + Create. The Configure Browser IDP Integration drawer is displayed
Select Set Up Generic SAML SSO Integration. The User SSO Integration screen is displayed to assist in configuration.
Give the Integration a name
Add in the specific Accounts and/or Domains you'd like to have this IDP apply. This is optional. If left blank this integration will apply to every login attempt.
Add the metadata URL from Access into the Sign-in endpoint section. The URL should be in the format of https//FQDN/SAAS/auth/federation/sso.
Paste the Certificate acquired from Access into the Certificate section.
Click Save.
Configure SAML Integration in Omnissa Access
From the Access Console, navigate to Resources > Web Apps
Click New to launch the New SaaS Application wizard.
From the Definition section give the new SaaS App a name
Optionally upload a Icon
Click Next
Choose SAML 2.0 as the Authentication Type.
Choose Manual as the Configuration.
Fill in the following fields, adding the connection name in place of the existing "CONNECTION-NAME" in the URL:
- For Single Sign On URL:
https://login.island.io/login/callback?connection={CONNECTION-NAME} - For Recipient URL:
https://login.island.io/login/callback?connection={CONNECTION-NAME} - For Application ID:
urn:auth0:za-production:{CONNECTION-NAME}
- For Username Format:
Perisistent
- For Username Value
${user.email}
Expand Advanced Properties and navigate to the Custom Attribute Mapping add three rows.
Enter the following information:
| Name | Format | Namespace | Value |
| Basic | ${user.email} | ||
| family_name | Basic | ${user.lastName} | |
| Given_name | Basic | ${user.firstName} |
Click Next
Choose the appropriate Access Policy and click Next
Click Save & Assign
Assign the users you want this integration to apply to and click Save to finalize the integration.
What does this look like for the End User
Okay, so you've created the integration but what does this look like to the end user?
First the end user is going to need the Island Enterprise Browser installed onto their endpoint. This can be delivered in many ways; one method could be using Omnissa's Workspace One UEM to deliver the application to devices that are enrolled.
Once it's installed the user will open the Island Enterprise Browser Application
If there are multiple profiles the users will need to choose. If not this screen will be automatically bypassed.
The user will be automatically redirected to the IDP login screen. If there are multiple domain the user will be asked to make the choice and click Next.
The user will now login using their credentials and click Sign In.
And finally, they will be presented with their Island customized portal.
Conclusion
Configuring Omnissa Access as an Identity Provider for the Island Enterprise Browser isn't just a technical integration—it's a strategic alignment of security and user experience. By combining Omnissa's robust identity management and risk-aware access capabilities with Island's secure and policy-enforced browser environment, organizations can achieve true Zero Trust at the point of access.
This powerful pairing empowers IT teams with granular control while delivering seamless, secure access for users—whether they're employees, contractors, or BYOD participants. With just-in-time provisioning, contextual policy enforcement, and a unified user experience, this setup accelerates onboarding, reduces risk, and enhances productivity across your digital workspace.