The SAML provider for identity for AirWatch is done via VMware Identity manager.
Enabling SAML for enrollment onto AirWatch completes the integration to allow SSO for Apps.
An ACC and a VMware Identity Manager Connector is required to make it work.
Goto App > Authentication request > Redirect to SAML Provider (VIM) > token > each app is then redirected back to SAML(VIM) to check if the token is valid and the user is authenticated and valid to grant access.
Auth is handled by Kerberos Tickets internally.