EUCService Learning Reinhart / SanderROC VMware WeekChapter 1: Configuring the Workspace ONE Access and the AirWatch Cloud Connector

Chapter 1: Configuring the Workspace ONE Access and the AirWatch Cloud Connector

Part 1. Configuring the Workspace ONE Access Connector

  • We will be downloading a custom JSON for the Workspace ONE Access Connector
  1. On your ControlCenter Server:
    • Open your Chrome browser
    • In the Address bar, enter your custom Workspace ONE Access URL
    • In the Username area, enter system administrator name
    • In the Password area, enter your custom password
    • Select Sign In
  1. In the Web Intelligent Hub console
    • To the right, select and right click the TA icon
    • Select Workspace ONE Access Console
  1. In the Workspace ONE Access Console
    • Select the Identity & Access Management tab
  1. In the Workspace ONE Access Console
    • Select Setup
  1. In the Workspace ONE Access Console > Setup area
    • Select NEW
  1. In the Workspace ONE Access Console > Setup area > Select the Connector window
    • Select the radio button next to Workspace ONE Access Connector 21.08
    • Select OK
  1. In the Confirm Workspace ONE 21.08 Connector window
    • Select PROCEED ANYWAY
  1. In the Add New Connector window
    • Select NEXT
  1. In the Add New Connector window
    • Next to Password , enter VMware1!VMware1!
    • Next to Reenter Password, enter VMware1!VMware1!
    • Select DOWNLOAD CONFIGURATION FILE
    • Note a es-config.json file should have downloaded
    • Select NEXT
  1. In the Add New Connector/Summary window
    • Select CLOSE
  1. On your ControlCenter server
    • Select the dropdown Icon next to your json download
    • Select Show in folder
  1. In the Downloads folder
    • Select and right-click the es-config.json file
    • Select Copy
    • In the File Explorer Inventory, select Desktop
    • Under Desktop, select the software shortcut
    • Under Software, open the ACCESS folder
    • In the ACCESS folder, Paste the es-config.json file

Part 2. Installing and Configuring the Workspace ONE Access Connector

  1. On your ControlCenter server
    • On your desktop select your Remote Desktops folder
    • Select and launch your WS1-Connector.RDP shortcut.
  1. On the WS1-Connector server
    • On the Desktop, open the Software folder shortcut
  1. On the WS1-Connector server
    • In the software network share, browse the ACCESS directory
  1. In the Access folder
    • Select the Workspace-ONE-Access-Connector-Installer-21.08.0.0.exe installer
      • and right-click,
    • Select Run as administrator
  1. In the Open File - Security Warning window
    • Select Run
  1. On the Workspace ONE Access Connector - Installation Wizard
    • Select Next
  1. On the Workspace ONE Access Connector- Installation Wizard - license agreement page
    • Select radio button next to I accept the terms in the license agreement
    • Select Next
  1. On the Workspace ONE Access Connector- Installation Wizard
    • Under Service Selection
      • Accept the Default (Note all services are installable by default)
    • Select Next
  1. On the Workspace ONE Access Connector- InstallShield Wizard
    • Under Click on Browse for the configuration file.
      • Enter \\horizon\software\ACCESS\es-config.json
    • Next to Password: enter VMware1!VMware1!
    • Select Next
  1. Workspace ONE Access Connector- Installation Wizard
    • Accept the Default
    • Select Next
  1. On the Workspace ONE Access Connector- Installation Wizard
    • Under Domain or Server: enter
      • euc-livefire
    • Under User name: enter
      • administrator
    • Select OK
    • Under Password: enter
      • VMware1!
    • Select Next
  1. On the Workspace ONE Access Connector- Installation Wizard
    • Select Install
      • The Installation takes about 7 min.
  1. On the Workspace ONE Access Connector- Installation Wizard
    • Select Finish
  1. On your ControlCenter server
    • Switch back to your Workspace ONE Access Admin console
    • Selet the refresh button to the right of your Connectors window
      • Note the Added connector with its associated Enterprise Services

Part 3 . Configuring Active Directory Sync

We will now configure and synchronise Active Directory to the Workspace ONE Access server using the external connector.

First we will configure the Attributes. Note!  Every organisation will need to research their requirements when deciding whether or not to set attributes to required. For specific applications where this needs to be considered,  if the associated user object does not have the attribute, authentication might fail.

  1. Navigate to Identity & Access Management > Setup > User Attributes
    Notice the attributes that are available and the option available to set these to Required. IMPORTANT NOTE: The attributes set to required cannot be changed after a directory sync has taken place.
    • Set the attribute distinguishedName and userPrincipalName to Required 
    • Under Attributes to the right select the Green Plus ( Add the following additional attributes (case sensitive) :
      • objectGUID 
      • title
      • managerDN
    • Select Save
  1. Configuring AD-sync configuration with Workspace ONE Access.
    • To the right of the screen select Manage, select Directories
    • Select Add Directory > Active Directory
  1. In the Add Directory Page, configure the following (please note) The Bind syntax appears to be case sensitive
    • Directory Name: LivefireSync
    • Ensure the Active Directory over LDAP radio button is selected
    • Scroll down to Bind User Details
    • Next to :
      • Base DN: dc=EUC-Livefire,dc=com
      • Bind DN: cn=administrator,ou=corp,dc=EUC-Livefire,dc=com
      • Bind DN Password: VMware1!
    • Select Save & Configure

 

  1. On the Select the Domains page,
    • euc-livefire.com should be discovered.
      • Select Next.

 

  1. On the Map User Attribute page configure the following :
    • Scroll down to objectGuid and select the drop down arrow select objectGUID.
    • Since this is the attribute we setup earlier in User Attributes we will also need to map it to an AD attribute.
    • Next to managerDN select custom input and type manager in the dropdown
    • Next to title select title in the dropdown
    • Select Next  
  1. Configure our AD-sync configuration with Workspace ONE Access....continued
    • On the Select the Groups you want to sync page, select the green plus (+) to the right of the page,
    • Under Specify the group DNs  enter dc=euc-livefire,dc=com
    • Select Select All  check box
    • Select Next.
  1. In the Select Users you would like to sync window
    • Under Specify the user DNs
      • edit the existing syntax so that it reads
        • ou=corp,dc=EUC-Livefire,dc=com
      • Select Next
  1. On the Sync Frequency window
    • Select Sync Directory
  1. On the Directories window
    • Refresh your window
    • Note the Synced Groups and Users

Part 4: AirWatch Cloud Connector -  Installation

  1. On the ControlCenter desktop
    • Open the Remote Desktop Folder.
    • Launch  WS1-Connector RDP shortcut. 
    • Open your chrome browser 
    • In the address bar, enter DW-livefire.awmdm.com,
    • In the username area, enter your custom email username 
      • Select Next
    • In the Password area enter  VMware1! 
    • If you get prompted with Workspace ONE UEM highlightsClose the window.
  1. Navigate to Groups & Settings > All Settings > System > Enterprise Integration  > Cloud Connector
  1. In the Cloud Connector area
    • Select the Overide radio button
      • Scroll down, select Save at the bottom of the page
  1. In the Cloud Connector area
    • Scroll down and select the Download AirWatch Cloud Connector Installer
  1. On the Download AirWatch Cloud Connector (ACC-installer.exe)
    • Type VMware1! in the Password and Confirm Pasword boxes.
    • Select DOWNLOAD
    • If you get a security prompt from your browser select keep
  1. On the Ws1-Connector machine,
    • Select the Select Airwatch Cloud Connector.exe
    • Select open
    • Select More Info
    • Select Run Anyway
    • Select Next
    • Select the licensing to accept terms... radio button , select Next
    • Select Next
    • In the ACC Certificate Password window type the password VMware1! and select Next
    • Select Next
    • Select Install
    • Select OK
    • Select Finish
    • Select Yes
  1. On your ControlCenter server
    • Open a new tab on your Chrome browser
    • Enter dw-livefire.awmdm.com in your address bar
    • Login with your custom email username
    • Enter your custom Password
    • Select Log In
  1. In the UEM Admin Console
    • Go to Groups & Settings > All Settings
    • Under System, select Enterprise Integration
    • Under Enterprise Integration, select Cloud Connector
  1. In the Cloud Connector window
    • Scroll down
    • Select TEST CONNECTION

Note the screenshot

Your environment should also reflect that the Cloud Connector has been reached

  1. In the Cloud Connector window
    • Select the X to right to close the window

Part 5 Workspace ONE UEM & Active Directory Integration

  1. In the Workspace ONE UEM admin console
    • Select Groups & Settings > All Settings > System > Enterprise Integration
    • Under Enterprise Integration
      • Select Directory Services
    • In the Directory Services window
      • Select the Overide radio button
    • Select Skip wizard and configure manually
  1. From the Directory Services Interface,
    • Under the Server Tab , enable the following .
      • Directory: LDAP-Active Directory
      • DNS SRV: Disabled (default)
      • Server : ControlCenter.euc-livefire.com
      • Encryption Type: None
      • Port: 389 (default)
      • Protocol Version: 3 (default)
      • User Service Account Credentials: Disabled (default)
      • Bind Authentication Type: GSS-Negotiate (default)
      • Bind User Name: administrator
      • Bind Password: VMware1!
      • Domain: euc-livefire.com
  1. From the Directory Services Interface,
    • Under the User Tab , enable the following .
    • Validate the following configuration is configured under the User Tab
      • Under Base DN, ensure that DC=euc-livefire,DC=com has automatically populated.
        • If not, click on the + icon and add DC=euc-livefire,DC=com
      • Next to User Object Class, ensure person is the property
      • Next to User Search Filter,  ensure (&(objectCategory=person)(sAMAccountName={EnrollmentUser})) is the string

 

  1. From the Directory Services Interface,
    • Repeat these steps for the third tab Group
      • Under Base DN, notice validate that DC=euc-livefire,DC=com, is entered.
      • Scroll to the bottom of the page and select Save
      • Select TEST CONNECTION
  1. You should have a Test Connection window launch saying Connection successful....
    • Select CANCEL to close the window
  1. Let's ensure users can enroll their devices using Active Directory credentials.
    • Under Settings , select  Devices & Uses
    • Select > General
    • Select > Enrollment
    • Under the Enrollment area 
      • Select the Override radio button
      • Scroll down
        • Next to Authentication Modes(s) ensure the the  Directory check box is selected
        • Next to Source of Authentication for Intelligent Hub, select Workspace ONE ACCESS
      • Scroll down
        • Select SAVE
    • Close the Settings window, by selecting the X on the right of the window.

0 Comments

Add your comment

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.