2. Integrating Workspace ONE Access with an existing Azure implementation
Introduction
The most common implementation of integrating with Microsoft Azure has and will always be, where a customer is already using Microsoft Azure and we wants to bring Workspace ONE Access to the table.
In this lab we will look at the configurations and related requirement to setup Microsoft Azure as a 3rd Party IDP to Workspace ONE Access
The above steps assume you have your own developer account
Intro
This option might not be a mandatory requirement, if the namespace we are using internally is publicly resolvable, in other words is not a private namespace like .local or .priv. and is unique.
In our lab environments, the euc-livefire.com namespace is resolvable. This however, is not a unique namespace, as everyones Microsoft Active Directory environment is sharing a common namespace. For us to be able to integrate our lab environments with Microsoft 365, its necessary to associate a unique namespace with an individual Microsoft 365 account. Each attendee has been offered a unique DNS Zone namespace under the *.euc-livefire.com namespace.
In this session we will associate this unique namespace with Microsoft Active Directory using the Active Directory Domains & Trusts feature
- On your ControlCenter server
- In the bottom left corner
- Select the Start button
- In the Start Menu
- Select Windows Administrative Tools
- In the bottom left corner
- In the Administration Tools menu
- Select the Active Directory Domains and Trusts shortcut
- In Active Directory Domains and Trusts
-
In the Inventory
-
Select and right click
- Active Directory Domains and Trusts
- Select Properties
- Active Directory Domains and Trusts
-
Select and right click
-
In the Inventory
- In the Active Directory Domains and Trusts window
- Under Alternative UPN Suffixes
- Enter the FQDN of your Azure Domain
- e.g. CorpXXX.euc-livefire.com
- where XXX is your assigned Domain Identifier
- e.g. CorpXXX.euc-livefire.com
- Select Add
- Enter the FQDN of your Azure Domain
- Under Alternative UPN Suffixes
- In the Administrative tools folder
- Select Active Directory Users and Computers shortcut
- Select open
- Select Active Directory Users and Computers shortcut
- In the Active Directory Users and Computers Console
-
Expand the euc-livefire.com hierarchy
-
Select Corp OU and expand
- Select Sales
-
Select Corp OU and expand
-
Expand the euc-livefire.com hierarchy
- In the Active Directory Users and Computers Console
- Select the Mark Debio user object
- Select Properties
- Select the Mark Debio user object
- In the Mark Debio properties
- To the right and In line with Mark
- From the Dropdown
- Select your Alternate suffix eg. CorpXXX.euc-livefire.com
- where XXX is your assigned Domain ID
- Select your Alternate suffix eg. CorpXXX.euc-livefire.com
- From the Dropdown
- To close Mark Debio Properties
- Select OK
- To the right and In line with Mark
- In the Active Directory Users and Computers Console
- Repeat the above mention steps for at least these accounts :
- In the Sales OU :- Jill Verneo
- In the Marketing OU: - Fernando Dusello
- In the Marketing OU: - Tom Marios
- In IT Support OU: - Kim Markez
- In Developers OU: Craig Sroser, Jackie Puun, Malcolm Barneo, Nancy Encrarna
- Repeat the above mention steps for at least these accounts :
- On your ControlCenter server
- Switch to your Chrome Browser
- Select your Workspace ONE Access session
- In the Integrations > Directories area > EUC-Livefire area
- In the EUC-Livefire Directory
- Next to Sync
- Select the Dropdown
- Select Sync without Safeguards
- Select the Dropdown
- Next to Sync
- Take the URL for WorkspaceONE Access and add /SAAS/auth/0 and save it to your bookmarks. This will ensure we will be able to login after we have done the federation with Azure.
-
Introduction: In preparation for Part 2
- In your browser open a new tab
- In the address bar
- enter https:\\portal.office.com
- Log in with your Cloud admin credentials
-
In the top left-hand corner off Microsoft 365
- Select the Select the 9 dotted square
-
Once the Apps pop out expands
- Select Admin
- In the Microsoft 365 admin center window
- Select Show all
- In the Microsoft 365 admin center window
- Under Support
- expand Settings
- Under Support
- In the Microsoft 365 admin center window
- Under Settings
- select Domains
- Under Settings
- In the Domains area
- Select + Add domain
NOTE: Before moving onto the next section, ensure that you are 100% clear what YOUR registered Domain will be.
- In the course lab we will use a Domain naming convention based on the location we are delivering at.
- We will use the convention corpXXX.euc-livefire.com
- Where XXX is your Assigned Domain, which you will find in Microsoft Teams in the Attendee Accounts sections
- On the Microsoft 365 admin center ensure the Connect a domain you already own radio button is selected and below type your registered Domain name
- In the Microsoft 365 admin center window
- In the Add domain area
- Under Yes, add this domain now
- enter corpXXX.euc-livefire.com
- Where XXX is your assigned Domain identifier
- enter corpXXX.euc-livefire.com
- At the bottom of the page
- Select Use this domain
- Under Yes, add this domain now
- In the Add domain area
- In the Microsoft 365 admin center window
- In the How do you want to verify your domain?
- Ensure the radio button next to Add a TXT record to the domain's DNS records is enabled (default)
- Select Continue
- In the How do you want to verify your domain?
- In the Microsoft 365 admin center window
- In the How do you want to verify your domain?
-
Below TXT value
- Copy the MS= ms ......
- In the following steps, we will have this value entered into your assigned Zone database in AWS Route 53 using vRealize automation
- Copy the MS= ms ......
-
Below TXT value
- In the How do you want to verify your domain?
Do step 9: VRA automation on a separate browser profile.
If you were doing your Azure registration on the Site 1 profile then might be helpful to do the VRA on the Site 2 Profile and have both profiles open side by side.
- On your Controlcenter desktop,
- On your Site 2 browser
- Open a new Tab
- In the Address bar
- enter https://vra.lab.livefire.dev/
- Select GO TO LOGIN PAGE
- On your Site 2 browser
- In the Workspace ONE Login
- Under Select your domain
- Ensure livefire.lab selected
- select Next
- Under Select your domain
- In the Workspace ONE login
- Under username
- Enter your assigned dwuser0XX account
- XX will be your assigned Student Login ID
- Enter your assigned dwuser0XX account
- Under password
- Enter your assigned password
- Select Sign in
- Under username
- In the vRealize Automation - Cloud Services Console
- Under My Services
- Select Service Broker
- Under My Services
- In the My Resource Usage window
-
Under update TXT Records
- Select REQUEST
-
Under update TXT Records
- In the New Request page
- Update the following next to:
-
Sub Hosted Zone Prefix* enter your domain
- enter CorpXXX, XXX represents your assigned domain
- TXT record value* Paste your TXT value (from step 7)
-
Sub Hosted Zone Prefix* enter your domain
- Select SUBMIT
- Update the following next to:
- On your Microsoft 365 admin center page
- When the vrealize automation is complete
- Select Verify
- In the Microsoft 365 admin center window
- In the Connect domain section
- At the bottom of the page
- Select Continue
- At the bottom of the page
- In the Connect domain section
- In the Microsoft 365 admin center window
- In the Connect domain > ADD DNS records section
- Next to MX records (1)
- Expand the dropdown
- Under Points to address or value and in line with Expected
- Copy the output
- Next to MX records (1)
- In the Connect domain > ADD DNS records section
- Switch back to your Service Broker session
- Select the Catalog tab
- In the Catalog area
- Under Update MX Records
- select REQUEST
- Under Update MX Records
- In the Service Broker
-
New Request
- Update MX Records page
- Next to:
-
Sub Hosted Zone Prefix* enter corpXXX
- Where XXX is your assigned Domain identifier
- MX record value* paste your MX record
-
Sub Hosted Zone Prefix* enter corpXXX
- Select SUBMIT
-
New Request
- On the Connect domain page
- At the bottom
- Select Continue
- At the bottom
-
In the Microsoft 365 admin center window
- In the Setup is Complete page
- Select Done
If you are using an existing account, its very likely you wont have to change your default domain. Validate and if necessary do the change
-
In the Domains area
-
Under Domain name
-
Next to your unique *.onmicrosoft.com domain
- select the checkbox
-
Under Domains , in the Task area
- Select Set as default
-
Next to your unique *.onmicrosoft.com domain
-
Under Domain name
- In the Set this domain as default? window
- Select Set as default
- In the Domains page
- Validate your default configuration
Your assigned domain should NOT be your (Default) domain. Your setup should look like the above example
- On your ControlCenter server
- Open the Software shortcut
- Navigate to the Applications > Azurefiles >ADConnect folder.
- Double- click the AzureADConnect.msi
- On the Open File - Security Warning window
- Select Run
- On the Open File - Security Warning window
- Open the Software shortcut
- On the Welcome to Azure AD Connect window
- Next to I agree to the license terms and privacy notice
- Enable the check box
- Select Continue
- Next to I agree to the license terms and privacy notice
- In the Express Settings window
- Select Use express settings
- On the Connect to Azure AD window,
-
Under USERNAME
- Enter your documented Azure Cloud Admin account
-
Under PASSWORD
- Enter your documented Azure Cloud Admin password
- Select Next
-
Under USERNAME
- On the Connect to AD DS window,
- Under USERNAME
- Enter EUC-Livefire\administrator
- Under PASSWORD
- Enter VMware1!
- Select Next
- Under USERNAME
- On the Azure AD sign-in configuration page
- Validate that your custom Azure Domain has been Verified
- Next to Continue without matching all UPN suffixes to verified domains
- Select the Check box
- Select Next
- On the "Ready to configure" window
- Next to Start the synchronization process when configuration completes
- Enable the check box
- Select Install.
- Getting to the next step could take a few minutes.
- Next to Start the synchronization process when configuration completes
- On the Configuration complete window
- Select Exit
Give the replication about 5 minutes to work
- In the Microsoft 365 Admin center
- In the left-hand pane under Home,
- Select Users
- Select Active users.
- Select Users
- In the left-hand pane under Home,
- In the Active Users area
- Notice that you have Licensed and Unlicensed users
- It appears that in addition to us syncing in our account Microsoft creates dummy accounts for use
- The dummy user accounts have already been licensed and we only can have up to 25 licensed users
- Ensure you select only DUMMY accounts with Microsoft 365 E5 Developer licensing
- At the top of browser select Delete user
- DO NOT Delete your Cloudadmin account
- Notice that you have Licensed and Unlicensed users
This process is purely to keep it clean with euc-livefire accounts.
It wont be necessary to do this step if you have a pre-assigned account
- In the Active Users area
- Select the radio buttons next to
- Fernando Dusello
- Jill Verneo
- Kevin Ikin
- Kim Markez
- Mark Debio
- From the top menu options
- At the top of the Active Users area, next to Refresh,
- select Manage product licenses
- Select the radio buttons next to
everyone needs to license their newly synced accounts in Microsoft 365
- In the Manage Product licenses window
- Next to Replace ,
- Select the radio button
- Next to Microsoft E5 Developer (without Windows and Audio Conferencing)
- Select the Checkbox
- Select Save Changes.
- Next to Replace ,
- On your ControlCenter server
- Open your Site 1 Chrome Browser
- Open a new Tab
- In the Chrome address bar
- enter https://portal.azure.com
- In the Microsoft Azure Sign in page
- enter YOUR CloudAdmin account
- select Next
- In the Microsoft Azure Enter password page
- enter your Password
- select Sign in
- In the Microsoft Azure Stay signed in? page
- select Yes or No
- In the Microsoft Azure Admin Portal
- In the left Inventory
- select Microsoft Entra ID
- select Enterprise Applications
- select Microsoft Entra ID
- In the left Inventory
- In the Enterprise applications area
- select + New application
- In the Browse Azure AD Gallery area
- select + Create your own application
- In the Create your own application area
- below What's the name of your app?
- enter Workspace ONE Access
- select Create
- below What's the name of your app?
- In the Workspace ONE Access | Overview page
- select 2. Setup single sign on
- In the Workspace ONE Access | Single sign-on page
- select SAML
- In the Workspace ONE Access | SAML-based Sign-on page
- In the Basic SAML Configuration area
- note that Identifier (Entity ID) and Reply URL (Assertion Consumer Service URL) are required
- We will now switch to Workspace ONE Access for this information
- On your ControlCenter server
- switch to your Workspace ONE Access sysadmin console
- In the Basic SAML Configuration area
- In the Workspace ONE Access admin Console
- select the Resources tab
- In the Resources inventory
- select Web Apps
- In the Web Apps area
- select SETTINGS
- In the Settings window
- select SAML Metadata
- In the Settings window
- under SAML Metadata
- select and right-click Service Provider (SP) metadata
- select Save link as.....
- select and right-click Identity Provider (IdP) metadata
- select Save link as.....
- under SAML Metadata
NOTE: In this exercises we will only use the Service Provider metadata. In a later exercise we will use the Identity Provider metadata.
- In the Save As window
- select Save
- In the bottom left-corner of your browser
- next to sp.xml
- select the dropdown
- select Show in folder
- select the dropdown
- next to sp.xml
- In the Downloads folder
- select and right-click sp.xml
- select Edit with Notepad++
- In the Notepad ++ application
- select View
- select Word wrap
- select View
- In the Notepad ++ application
- In the XML code
- find entityID
- Copy the URL which ends in sp.xml
- find entityID
- Save the URL in a new tab in Notepad++
- In the XML code
- In the Notepad ++ application
- In the XML code
-
Find the code
- AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location
- Copy the URL that ends in response after this
- Save the URL in your new tab in Notepad++
-
Find the code
- In the XML code
- In the Notepad++ application
- Note which is your entity ID
- Note which is your Response
- Switch back to your Azure Admin Portal
- In the Workspace ONE Access | SAML-based Sign-on page
- In the Basic SAML Configuration area
- select Edit
- In the Basic SAML Configuration area
- In the Basic SAML Configuration window
- under Identifier (Entity ID) *
- select Add Identifier
- under Identifier (Entity ID) *
- In the Basic SAML Configuration
- under Identifier (Entity ID) *
- Paste your Entity ID
- In the Basic SAML Configuration
- under Reply URL (Assertion Consumer Service URL) *
- select Add reply URL
- In the Basic SAML Configuration
- under Reply URL (Assertion Consumer Service URL) *
- Paste YOUR Response URL
-
At the top of the page
- select Save
- In the Workspace ONE Access area
- Just above Single sign-on
- select Users and groups
- Just above Single sign-on
- In the Workspace ONE Access | Users and groups area
- select + Add user / group
- In the Add Assignment area
- click on None Selected
- In the Users and groups area
- In the search area
- enter DEV
- select Developers
- In the search area
- enter Sales
- select Sales
- In the search area
- enter Marketing
- select Marketing
- In the search area
- enter IT support
- select IT support
- In the bottom right-corner
- click on Select
- In the search area
- In the Add Assignment area
- At the bottom of the page
- select Assign
- At the bottom of the page
- In the Workspace ONE | Users and groups area
- note the assigned groups
- select Single sign-on
- In the Workspace ONE Access | SAML-based Sign-on area
- In the SAML Certificates area
- next to Federation Metadata XML
- select Download
- next to Federation Metadata XML
- In the SAML Certificates area
- On your ControlCenter server
- browse to your Downloads folder
- In the Downloads folder
- note you have a Workspace ONE Access.xml file
- In preparation for the next Part switch to your Workspace ONE Access Admin console
- On your Workspace ONE Access admin console
- select Integrations
- In the Integrations inventory
- select Identity Providers
- In the Identity Providers area
- in the top right corner
- select ADD
- In the drop down menu
- select SAML IDP
- In the drop down menu
- select ADD
- in the top right corner
- In the New Identity Provider window
- next to
-
Identity Provider Name
- enter Azure Active Directory
-
Identity Provider Name
- Switch to your Downloads folder
- next to
- In the Downloads folder
- select and right-click the Workspace ONE Access.xml file
- select Edit with Notepad++
- In the Notepad++ application
- In the title bar
- select View
- disable word wrap
- select View
- Click your mouse in the Notepad++ area
- With your Keyboard
- Enter CTRL+A
- Enter CTRL+C
- In the title bar
- In the Azure Active Directory window
- next to
-
SAML Metadata
- under Identity Provider Metadata (URL or XML)
- paste your XML Metadata
- under Identity Provider Metadata (URL or XML)
-
SAML Metadata
- next to
- In the Azure Active Directory window
- In line with
-
Name ID Format
- to the right
- select the + ADD twice
- to the right
-
Name ID Format
- In line with
- In the Azure Active Directory window
- below
-
Name ID Format
- 1st row
- from the drop down
- select urn:oasis:names:tc:SAML:1.1:nameid:format:unspecified
- from the drop down
- 1st row
-
Name ID Format
- 2nd row
- from the drop down
- select urn:oasis:names:tc:SAML:1.1:nameid:format:emailAddress
- from the drop down
- 2nd row
-
Name ID Format
- below
- In the Azure Active Directory window
- below
-
Name ID Value
- 1st row
- from the drop down
- select username
- from the drop down
- 1st row
-
Name ID Format
- 2nd row
- from the drop down
- select userprincipalname
- from the drop down
- 2nd row
-
Name ID Value
- below
- In the Azure Active Directory window
- In the Users area
- next to EUC-livefire
- select the checkbox
- In the Network area
- next to ALL RANGES
- select the checkbox
- next to ALL RANGES
- next to EUC-livefire
- In the Users area
- In the Azure Active Directory window
- In the Authentication Methods area
- below Authentication Methods
- type AAD Password
- below SAML Context
- from the dropdown
- select urn:oasis:names:tc:SAML:2.0:ac:classes:Password
- from the dropdown
- below Authentication Methods
- In the Authentication Methods area
- In the Azure Active Directory window
-
scroll to the top of the page
- select SAVE
-
scroll to the top of the page
- In the Workspace ONE Access Admin Console
- Select the Resources tab
- select Policies
- Select the Resources tab
- In the Policies interface
- next to default access policy set
-
select the radio button
- select EDIT
-
select the radio button
- next to default access policy set
- In the Edit Policy window,
- In the left column
- Select Configuration
- To the left of Web Browser,
- Select All Ranges
- In the left column
- In the Edit Policy Rule window
- Next to then the user may authenticate using *
- select AAD Password
- Next to if preceding method fails or is not applicable, then *
- select Password (cloud deployment),
- Select ADD FALLBACK METHOD
- Next to if preceding method fails or is not applicable, then *
- select Password (Local Directory)
- Next to if preceding method fails or is not applicable, then *
- Select SAVE at the bottom of the window
- Next to then the user may authenticate using *
- In the Edit Policy Rule window
- Select + ADD POLICY RULE
- In the Edit Policy Rule window
- Next to: -
-
and user accessing content from*
- select Windows 10
-
then the user may authenticate using*
- select AAD Password
-
if the preceding method fails or is not applicable, then
- select Password (cloud deployment)
- Select + ADD FALLBACK METHOD
-
if the preceding method fails or is not applicable, then
- Select Password (Local Directory)
-
if the preceding method fails or is not applicable, then
-
and user accessing content from*
- At the botom right hand side of the page
- Select SAVE
- Next to: -
- In the Edit Policy window
- Next to ALL RANGES for Windows 10
- Select the 6 DOTS and drag to the top
- Select NEXT on the Edit Policy Page
- Next to ALL RANGES for Windows 10
- On the Edit Policy Page.
- Summary tab
- Select SAVE
- Summary tab
We will divide this Part into 4 steps
- On your Controlcenter server.
- In the Workspace ONE Access Admin Console
- Select the Resources tab
- In the Resources menu
- Select Web Apps
- In the Resources menu
- Select NEW
- Select the Resources tab
- In the Workspace ONE Access Admin Console
- In the New SaaS Application wizard
-
Definition area
- below Name *
- type Microsoft Word
- below Name *
-
Definition area
- In the New SaaS Application wizard
-
Definition area
- below Icon *
- click on SELECT FILE ....
-
browse to
- \\horizon-01a.euc-livefire.com\software\icons
- select Word_128x128.png
- select Open
-
browse to
- click on SELECT FILE ....
-
In the bottom right-corner
- select NEXT
- below Icon *
-
Definition area
- In the New SaaS Application wizard
-
Configuration area
- below Authentication Type *
- from the dropdown
- select Web Application Link
- from the dropdown
- below Authentication Type *
-
Configuration area
- In the New SaaS Application wizard
-
Configuration area
- below Target URL *
- Copy the URL below and edit in Notepad++ the following in Blue with your assigned domain suffix and then copy the edited URL and Paste under the Target URL
- https://login.microsoftonline.com/login.srf?wa=wsignin1.0&whr=EXAMPLEDOMAIN.euc-livefire.com&wreply=https://office.live.com/start/Word.aspx?auth=2
- In the bottom right corner
- select NEXT
- below Target URL *
-
Configuration area
- In the New SaaS Application wizard
-
Summary area
- bottom right corner
- select SAVE & ASSIGN
- bottom right corner
-
Summary area
- In the Assign window
-
Under Users / User Groups
-
In the Search area
-
type Developers,
- select [email protected]
-
type Developers,
-
In the Search area
-
Under Deployment Type
- select Automatic
-
In the bottom right corner
- select SAVE
-
Under Users / User Groups
- In the Assign window
-
Under Users / User Groups
-
In the Search area
-
type Sa,
- select [email protected]
-
type Sa,
-
In the Search area
-
Under Deployment Type
- select Automatic
-
In the bottom right corner
- select SAVE
-
Under Users / User Groups
- In the Assign window
-
Under Users / User Groups
-
In the Search area
-
type Mark,
- select [email protected]
-
type Mark,
-
In the Search area
-
Under Deployment Type
- select Automatic
-
In the bottom right corner
- select SAVE
-
Under Users / User Groups
- In the Assign window
-
Under Users / User Groups
-
In the Search area
-
type IT,
- select [email protected]
-
type IT,
-
In the Search area
-
Under Deployment Type
- select Automatic
-
In the bottom right corner
- select SAVE
-
Under Users / User Groups
- In the Web Apps area.
- Select NEW
- In the New SaaS Application wizard
-
Definition area
- below Name *
- type Microsoft Excel
- below Name *
-
Definition area
- In the New SaaS Application wizard
-
Definition area
- below Icon *
- click on SELECT FILE ....
-
browse to
- \\horizon-01a.euc-livefire.com\software\icons
- select Excel_128x128.png
- select Open
-
browse to
- click on SELECT FILE ....
-
In the bottom right-corner
- select NEXT
- below Icon *
-
Definition area
- In the New SaaS Application wizard
-
Configuration area
- below Authentication Type *
- from the dropdown
- select Web Application Link
- from the dropdown
- below Authentication Type *
-
Configuration area
- In the New SaaS Application wizard
-
Configuration area
- below Target URL *
- Copy the URL below and edit in Notepad++ the following in Blue with your assigned domain suffix and then copy the edited URL and Paste under the Target URL
- https://login.microsoftonline.com/login.srf?wa=wsignin1.0&whr=corpXXX.euc-livefire.com&wreply=https://www.office.com/launch/excel?auth=2&home=1
- Copy the URL below and edit in Notepad++ the following in Blue with your assigned domain suffix and then copy the edited URL and Paste under the Target URL
- In the bottom right corner
- select NEXT
- below Target URL *
-
Configuration area
- In the New SaaS Application wizard
-
Summary area
- bottom right corner
- select SAVE & ASSIGN
- bottom right corner
-
Summary area
- In the Assign window
-
Under Users / User Groups
-
In the Search area
-
type Developers,
- select [email protected]
-
type Developers,
-
In the Search area
-
Under Deployment Type
- select Automatic
-
In the bottom right corner
- select SAVE
-
Under Users / User Groups
- In the Assign window
-
Under Users / User Groups
-
In the Search area
-
type Sa,
- select [email protected]
-
type Sa,
-
In the Search area
-
Under Deployment Type
- select Automatic
-
In the bottom right corner
- select SAVE
-
Under Users / User Groups
- In the Assign window
-
Under Users / User Groups
-
In the Search area
-
type Mark,
- select [email protected]
-
type Mark,
-
In the Search area
-
Under Deployment Type
- select Automatic
-
In the bottom right corner
- select SAVE
-
Under Users / User Groups
- In the Assign window
-
Under Users / User Groups
-
In the Search area
-
type IT,
- select [email protected]
-
type IT,
-
In the Search area
-
Under Deployment Type
- select Automatic
-
In the bottom right corner
- select SAVE
-
Under Users / User Groups
- In the Web Apps area.
- Select NEW
- In the New SaaS Application wizard
-
Definition area
- below Name *
- type Microsoft Powerpoint
- below Name *
-
Definition area
- In the New SaaS Application wizard
-
Definition area
- below Icon *
- click on SELECT FILE ....
-
browse to
- \\horizon-01a.euc-livefire.com\software\icons
- select PowerPoint_128x128.png
- select Open
-
browse to
- click on SELECT FILE ....
-
In the bottom right-corner
- select NEXT
- below Icon *
-
Definition area
- In the New SaaS Application wizard
-
Configuration area
- below Authentication Type *
- from the dropdown
- select Web Application Link
- from the dropdown
- below Authentication Type *
-
Configuration area
- In the New SaaS Application wizard
-
Configuration area
- below Target URL *
- Copy the URL below and edit in Notepad++ the following in Blue with your assigned domain suffix and then copy the edited URL and Paste under the Target URL
- https://login.microsoftonline.com/login.srf?wa=wsignin1.0&whr=corpXXX.euc-livefire.com&wreply=https://www.office.com/launch/powerpoint?auth=2
- Copy the URL below and edit in Notepad++ the following in Blue with your assigned domain suffix and then copy the edited URL and Paste under the Target URL
- In the bottom right corner
- select NEXT
- below Target URL *
-
Configuration area
- In the New SaaS Application wizard
-
Summary area
- bottom right corner
- select SAVE & ASSIGN
- bottom right corner
-
Summary area
- In the Assign window
-
Under Users / User Groups
-
In the Search area
-
type Developers,
- select [email protected]
-
type Developers,
-
In the Search area
-
Under Deployment Type
- select Automatic
-
In the bottom right corner
- select SAVE
-
Under Users / User Groups
- In the Assign window
-
Under Users / User Groups
-
In the Search area
-
type Sa,
- select [email protected]
-
type Sa,
-
In the Search area
-
Under Deployment Type
- select Automatic
-
In the bottom right corner
- select SAVE
-
Under Users / User Groups
- In the Assign window
-
Under Users / User Groups
-
In the Search area
-
type Mark,
- select [email protected]
-
type Mark,
-
In the Search area
-
Under Deployment Type
- select Automatic
-
In the bottom right corner
- select SAVE
-
Under Users / User Groups
- In the Assign window
-
Under Users / User Groups
-
In the Search area
-
type IT,
- select [email protected]
-
type IT,
-
In the Search area
-
Under Deployment Type
- select Automatic
-
In the bottom right corner
- select SAVE
-
Under Users / User Groups
- In the Web Apps area.
- Select NEW
- In the New SaaS Application wizard
-
Definition area
- below Name *
- type Microsoft Outlook
- below Name *
-
Definition area
- In the New SaaS Application wizard
-
Definition area
- below Icon *
- click on SELECT FILE ....
-
browse to
- \\horizon-01a.euc-livefire.com\software\icons
- select Outlook_128x128.png
- select Open
-
browse to
- click on SELECT FILE ....
-
In the bottom right-corner
- select NEXT
- below Icon *
-
Definition area
- In the New SaaS Application wizard
-
Configuration area
- below Authentication Type *
- from the dropdown
- select Web Application Link
- from the dropdown
- below Authentication Type *
-
Configuration area
- In the New SaaS Application wizard
-
Configuration area
- below Target URL *
- Copy the URL below and edit in Notepad++ the following in Blue with your assigned domain suffix and then copy the edited URL and Paste under the Target URL
- https://login.microsoftonline.com/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid+profile&redirect_uri=https%3a%2f%2foutlook.office365.com&domain_hint=corpxxx.euc-livefire.com
- Copy the URL below and edit in Notepad++ the following in Blue with your assigned domain suffix and then copy the edited URL and Paste under the Target URL
- In the bottom right corner
- select NEXT
- below Target URL *
-
Configuration area
- In the New SaaS Application wizard
-
Summary area
- bottom right corner
- select SAVE & ASSIGN
- bottom right corner
-
Summary area
- In the Assign window
-
Under Users / User Groups
-
In the Search area
-
type Developers,
- select [email protected]
-
type Developers,
-
In the Search area
-
Under Deployment Type
- select Automatic
-
Under Users / User Groups
- In the Assign window
-
Under Users / User Groups
-
In the Search area
-
type IT support
- select IT [email protected]
-
type IT support
-
In the Search area
-
Under Deployment Type
- select Automatic
-
In the bottom right corner
- select SAVE
-
Under Users / User Groups
- On your Control Center server
- On your Chrome browser
- Open up an Incognito session
- In the address bar enter your Workspace ONE Access tenant url
- On your Chrome browser
- In the Microsoft Sign in window
- enter
- craig@corpXXX.euc-livefire.com
- XXX = your assigned domain
- enter
- select Next
- In the Microsoft Sign in window
- Under Enter password
- enter VMware1!
- select Sign in
-
In the Stay signed in? window
- select NO
- Under Enter password
- In the web Intelligent Hub
- Select Apps
- In the web Intelligent Hub
- Under Apps
- Select Microsoft Excel
- Under Apps
- In the Help us protect your account window
- Select , Skip for now (xx days until this is required)
- xx represents whatever you see on your screen)
- Select Next
- Select , Skip for now (xx days until this is required)
- In the office.com window
- Notice you have access to your Microsoft 365 applications
- Using deep links, we are able to publish these applications individually to Workspace ONE Access
0 Comments
Add your comment