Integrating Workspace ONE Access with Workspace ONE UEM

This integration allows Workspace ONE UEM to communicate with Workspace ONE Access through an Authentication API key and a certificate that is downloaded from the Workspace ONE UEM Console and uploaded to the Workspace ONE Access Console.
Here are a couple of reasons to do this:
- Single Sign-On (SSO) support on the Unified Application Catalog for enrolled Workspace ONE UEM devices. When Workspace ONE UEM and Workspace ONE Access are integrated, users on Workspace ONE UEM enrolled devices can log in to their Workspace ONE app and access their enabled applications securely without entering multiple passwords.
- The ability to set up authentication rules in Workspace ONE Access based on device compliance configurations from Workspace ONE UEM. This makes it possible to allow only devices that meet the compliance requirements to access certain applications.
Configure Workspace ONE UEM
o In the Workspace ONE UEM Console, in the left panel, click Groups & Settings, then click All Settings.
o Under System, click Enterprise Integration.
o Then, at the bottom of the list, click Workspace ONE Access.
o Click Configuration.
o Provide the Workspace ONE Access details:
1. Enter the Tenant URL for Workspace ONE Access which is provided only by VMware.
2. Enter the Username for the Workspace ONE Access tenant.
3. Enter the Password.
4. Click Test Connection. If successful, you see the message Test connection successful !
5. Click Save.
Workspace ONE UEM can now authenticate to the Workspace ONE Access environment with basic authentication.
In the Workspace ONE UEM Console, click the nine dots at the top right. Workspace ONE Access now appears there as a service, which means the API connectivity is in place.
Now we will go to the Workspace ONE Access Console.
Open the Workspace ONE Access Administration Console.
- Click Identity & Access Management.
- At the top left, click Setup.
- Click VMware Workspace ONE UEM.
Because of the previous actions in the Workspace ONE UEM Console, everything is pre-populated.
We have now successfully completed the integration between the Workspace ONE UEM Console and the Workspace ONE Access Console.
Manually Connect Workspace ONE Access
Create a Service Account
In Accounts -> Administrators:
Create a new “Basic” administrator with the role “Console Administrator” (or AirWatch Administrator) for your Organization Group.
Under API, select Certificates and create a password.
Save the user, then export the certificate for the user.
Create API Keys
In Groups & Settings -> All Settings -> System -> Advanced -> API -> REST API:
Enable API Access (if not already enabled).
Create two new API keys: one for Admin and one for Enrollment User.
Configure VMware Workspace ONE UEM in Workspace ONE Access
In the Workspace ONE Access console, go to Identity & Access Management -> Setup -> VMware Workspace ONE UEM
Enter your Workspace ONE UEM API URL, e.g., https://xxx.awmdm.com
Upload the certificate you previously exported for the service account, along with its password
Enter your Admin API Key
Enter your Enrollment User API Key
Enter your top Group ID
Click Save
In the catalog section, enter your device services URL, e.g., https://xxx.awmdm.com
Click Save
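
A pre-upload check for the exported service-account certificate, as an added example that is not part of the original page or of VMware's tooling. It assumes the export is a PKCS#12 (.p12) file and that OpenSSL is installed; the function name check_api_cert and the P12_PASS variable are illustrative.

```shell
#!/usr/bin/env bash
# Added example: sanity-check the exported service-account certificate before
# uploading it to Workspace ONE Access.
# Assumptions: the export is a PKCS#12 (.p12) bundle and OpenSSL is installed.
# check_api_cert and P12_PASS are illustrative names, not product settings.

# Usage: P12_PASS='<export password>' check_api_cert FILE [MIN_DAYS]
# The password is read from the environment so it stays out of the argument list.
# Returns: 0 usable, 1 cannot open (wrong password or damaged file),
#          2 expires within MIN_DAYS, 3 bundle holds no private key.
check_api_cert() {
    local p12="$1" min_days="${2:-30}" pem

    # 1. The bundle must decrypt and pass its MAC check with the given password.
    openssl pkcs12 -in "$p12" -passin env:P12_PASS -nokeys >/dev/null 2>&1 || return 1

    # 2. Certificate authentication needs the private key inside the bundle.
    #    The key only passes through the pipe; it is never written to disk.
    openssl pkcs12 -in "$p12" -passin env:P12_PASS -nocerts -nodes 2>/dev/null \
        | grep 'PRIVATE KEY' >/dev/null || return 3

    # 3. Pull out the client certificate and record its identity and expiry.
    pem=$(openssl pkcs12 -in "$p12" -passin env:P12_PASS -nokeys -clcerts 2>/dev/null) || return 1
    printf '%s\n' "$pem" | openssl x509 -noout -subject -enddate -fingerprint -sha256 || return 1

    # 4. -checkend exits non-zero when the certificate expires within N seconds.
    printf '%s\n' "$pem" | openssl x509 -noout -checkend "$((min_days * 86400))" >/dev/null || return 2
    return 0
}
```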