EUCZero Trust Journey 2021 Getting StartedConfiguring the Workspace ONE Access and the AirWatch Cloud Connector

Configuring the Workspace ONE Access and the AirWatch Cloud Connector

Part 1. Configuring the Workspace ONE Access Connector

  • We will be downloading a custom JSON for the Workspace ONE Access Connector
  1. On your ControlCenter Server
    • Open your Chrome browser
    • In the Address bar, enter your custom Workspace ONE Access URL
    • In the Username area, enter system administrator name
    • In the Password area, enter your custom password
    • Select Sign In
  1. In the Web Intelligent Hub console
    • To the right, select and right click the TA icon
    • Select Workspace ONE Access Console
  1. In the Workspace ONE Access Console
    • Select the Identity & Access Management tab
  1. In the Workspace ONE Access Console
    • Select Setup
  1. In the Workspace ONE Access Console > Setup area
    • Select NEW
  1. In the Workspace ONE Access Console > Setup area > Select the Connector window
    • Select the radio button next to Workspace ONE Access Connector 21.08
    • Select OK
  1. In the Confirm Workspace ONE 21.08 Connector window
    • Select PROCEED ANYWAY
  1. In the Add New Connector window
    • Select NEXT
  1. In the Add New Connector window
    • Next to Password , enter VMware1!VMware1!
    • Next to Reenter Password, enter VMware1!VMware1!
    • Select DOWNLOAD CONFIGURATION FILE
    • Note a es-config.json file should have downloaded
    • Select NEXT
  1. In the Add New Connector/Summary window
    • Select CLOSE
  1. On your ControlCenter server
    • Select the dropdown Icon next to your json download
    • Select Show in folder
  1. In the Downloads folder
    • Select and right-click the es-config.json file
    • Select Copy
    • In the File Explorer Inventory, select Desktop
    • Under Desktop, select the software shortcut
    • Under Software, open the ACCESS folder
    • In the ACCESS folder, Paste the es-config.json file

Part 2. Installing and Configuring the Workspace ONE Access Connector

  1. On your ControlCenter server
    • On your desktop select your Remote Desktops folder
    • Select and launch your WS1-Connector.RDP shortcut.
  1. On the WS1-Connector server
    • On the Desktop, open the Software folder shortcut
  1. On the WS1-Connector server
    • In the software network share, browse the ACCESS directory
  1. In the Access folder
    • Select the Workspace-ONE-Access-Connector-Installer-21.08.0.0.exe installer
      • and right-click,
    • Select Run as administrator
  1. In the Open File - Security Warning window
    • Select Run
  1. On the Workspace ONE Access Connector - Installation Wizard
    • Select Next
  1. On the Workspace ONE Access Connector- Installation Wizard - license agreement page
    • Select radio button next to I accept the terms in the license agreement
    • Select Next
  1. On the Workspace ONE Access Connector- Installation Wizard
    • Under Service Selection
      • Accept the Default (Note all services are installable by default)
    • Select Next
  1. On the Workspace ONE Access Connector- InstallShield Wizard
    • Under Click on Browse for the configuration file.
      • Enter \\horizon\software\ACCESS\es-config.json
    • Next to Password: enter VMware1!VMware1!
    • Select Next
  1. Workspace ONE Access Connector- Installation Wizard
    • Accept the Default
    • Select Next
  1. On the Workspace ONE Access Connector- Installation Wizard
    • Under User name: enter
      • euc-livefire\administrator
    • Under Password: enter
      • VMware1!
    • Select Next
  1. On the Workspace ONE Access Connector- Installation Wizard
    • Select Install
      • The Installation takes about 7 min.
  1. On the Workspace ONE Access Connector- Installation Wizard
    • Select Finish
  1. On your ControlCenter server
    • Switch back to your Workspace ONE Access Admin console
    • Selet the refresh button to the right of your Connectors window
      • Note the Added connector with its associated Enterprise Services

Part 3 . Configuring Active Directory Sync

We will now configure and synchronise Active Directory to the Workspace ONE Access server using the external connector.

First we will configure the Attributes. Note!  Every organisation will need to research their requirements when deciding whether or not to set attributes to required. For specific applications where this needs to be considered,  if the associated user object does not have the attribute, authentication might fail.

  1. Navigate to Identity & Access Management > Setup > User Attributes
    Notice the attributes that are available and the option available to set these to Required. IMPORTANT NOTE: The attributes set to required cannot be changed after a directory sync has taken place.
    • Set the attribute distinguishedName and userPrincipalName to Required 
    • Under Attributes to the right select the Green Plus ( Add the following additional attributes (case sensitive) :
      • objectGUID 
      • title
      • managerDN
    • Select Save
  1. Configuring AD-sync configuration with Workspace ONE Access.
    • To the right of the screen select Manage, select Directories
    • Select Add Directory > Active Directory
  1. In the Add Directory Page, configure the following (please note) The Bind syntax appears to be case sensitive
    • Directory Name: LivefireSync
    • Ensure the Active Directory over LDAP radio button is selected
    • Scroll down to Bind User Details
    • Next to :
      • Base DN: dc=EUC-Livefire,dc=com
      • Bind DN: cn=administrator,ou=corp,dc=EUC-Livefire,dc=com
      • Bind DN Password: VMware1!
    • Select Save & Configure

 

  1. On the Select the Domains page,
    • euc-livefire.com should be discovered.
      • Select Next.

 

  1. On the Map User Attribute page configure the following :
    • Scroll down to objectGuid and select the drop down arrow select objectGUID.
    • Since this is the attribute we setup earlier in User Attributes we will also need to map it to an AD attribute.
    • Next to managerDN select custom input and type manager in the dropdown
    • Next to title select title in the dropdown
    • Select Next  
  1. Configure our AD-sync configuration with Workspace ONE Access....continued
    • On the Select the Groups you want to sync page, select the green plus (+) to the right of the page,
    • Under Specify the group DNs  enter dc=euc-livefire,dc=com
    • Select Select All  check box
    • Select Next.
  1. In the Select Users you would like to sync window
    • Under Specify the user DNs
      • edit the existing syntax so that it reads
        • ou=corp,dc=EUC-Livefire,dc=com
      • Select Next
  1. On the Sync Frequency window
    • Select Sync Directory
  1. On the Directories window
    • Refresh your window
    • Note the Synced Groups and Users

Part 4: AirWatch Cloud Connector -  Installation

  1. On the ControlCenter desktop
    • Open and locate the Remote Desktop Folder.
    • Launch  WS1-Connector.euc-livefire.com RDP shortcut.
    • Open your chrome browser
      • login to cn-livefire.awmdm.com,
        • Using your custom username
          • Select Next
        • Under Password enter VMware1!
        • Select Log In
    • If you get prompted with Workspace ONE UEM highlights, Close the window.
  1. In the Workspace ONE UEM console
    • Navigate to Groups & Settings > All Settings > System > Enterprise Integration  > Cloud Connector
  1. Select the Override radio button and then select ENABLED on both toggle options.
    • Select Save at the bottom of the page
    • NOTE:Make sure Override is set at Current Settings and saved before downloading the AirWatch Cloud Connector
  1. Now click the Download AirWatch Cloud Connector Installer
  1. On the Download AirWatch Cloud Connector (ACC-installer.exe)
    • Type VMware1! in the Password and Confirm Pasword boxes.
    • Select DOWNLOAD
    • If you get a security prompt from your browser select keep
  1. On the Ws1-Connector machine, install the ACC using the installer that you have downloaded. This might require a reboot of the Server.
    1. Select Airwatch Cloud Connector.exe and select open
    2. In the Windows protected your PC window
      • Select More Info
      • Select Run anyway
    3. Select Run
    4. Select Next
    5. Select the licensing to accept terms... radio button , select Next
    6. Select Next
    7. In the ACC Certificate Password window
      • Type the password VMware1!
      • Select Next
    8. Select Next
    9. Select Install
    10. Select Finish
      • If prompted to restart
        • Restart
        • Reconnect and relogin

If you see an error regarding the installation of .net framework reach out to your instructor so he can guide you through a manual installation.

  1. Once the ACC is installed you can test the connection inside the UEM console.

You should see AirWatch Cloud Connector is active

  1. You will now see that there are two services in the Programs and Features that are considered "connectors" We have the AirWatch Cloud Connector and the VMware Identity Manager Connector

 

Part 5 Workspace ONE UEM & Active Directory Integration

  1. In your Settings window
    • From the left hand navigation pane select Directory Services under Enterprise Integration
    • Select the Overide radio button
    • Select Skip wizard and configure manually
  1. From the Directory Services Interface, Under the Server Tab ensure the following are selected
    • Directory: LDAP-Active Directory
    • DNS SRV: Disabled
    • Server : ControlCenter.euc-livefire.com
    • Encryption Type: None
    • Port: 389
    • Protocol Version: 3
    • User Service Account Credentials: Disabled
    • Bind Authentication Type: GSS-Negotiate
    • Bind User Name: administrator
    • Bind Password: VMware1!
    • Under Domain: euc-livefire.com
    • Under Server: ControlCenter.euc-livefire.com
  1. Scroll back up to the User Tab
  • Validate the following configuration is configured under the User Tab
    • Under Base DN, ensure that DC=euc-livefire,DC=com has automatically populated.
      • If not, click on the + icon and add DC=euc-livefire,DC=com
    • Next to User Object Class, ensure person is the property
    • Next to User Search Filter,  ensure (&(objectCategory=person)(sAMAccountName={EnrollmentUser})) is the string

 

  1. Repeat these steps for the third tab Group
    • Under Base DN, next to defaultUserDN select the + icon
    • Select the first option which is DC=euc-livefire,DC=com, you may be require to manually type this value.
    • Scroll to the bottom of the page and select Save
    • Select TEST CONNECTION
  1. You should have a Test Connection window launch saying Connection successful....
    • Select CANCEL to close the window
    • Close the Enrollment window
  1. Let's ensure users can enroll their devices using Active Directory credentials.
    • Select Groups & Settings , > All Settings under Devices & User > General  > Enrollment
    •  Ensure the Override radio button is selected.
    • Next to Authentication Modes(s) ensure the the  Directory check box is selected
    • Next to Source of Authentication for Intelligent Hub click Workspace ONE Access
    • Select SAVE
    • Close the Settings window, by selecting the X on the right of the window.

0 Comments

Add your comment

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.