1. Setting up Workspace ONE

In this lab you (as the admin) will be setting up the  platform for the digital workspace. We will integrate Workspace ONE UEM with Workspace ONE Access, Hub Services and Workspace ONE intelligence.

You will install the Access connector and configure Active Directory integration to sync users.

Part 1: Access, UEM and Intelligence setup

Part 2: Enable Experience Management

Part 3: Workspace ONE Access

Part 4: Installing and configuring the Workspace ONE Access Connector

Part 5: Configure Directory Sync with Workspace ONE Access Connector

Part 6: Workspace ONE Hub Services Integration with Workspace ONE Access

Part 7: Configuring Workspace ONE Hub Services

Part 8: User Provisioning to UEM

Part 1: Access, UEM and Intelligence setup
  1. On the Control Center open Chrome and navigate to the UEM admin console sign in.

NOTE:If this is your first time signing in you will have to set a security question and a PIN.

 

  1. In the UEM console navigate to GROUPS & SETTINGS > All Settings
  1. In the Settings page navigate to System > Enterprise Integration > Workspace ONE Access > Configuration
  1. In your  Workspace ONE UEM Admin console
    • Navigate to Groups and Settings > All Settings > System > Enterprise Integration> Workspace ONE Access > Configuration

 

  1. Under the Server area,
    • Select  CONFIGURE

 

  1. On the Connect to Workspace ONE Access window,
    • Select CONTINUE  

 

  1. On the Connect to Workspace ONE Access window enter the following:

NOTE: You should have received an e-mail from [email protected] with this URL. Check your SPAM folder if you don't see it.

  • User Name: Your Tenant Admin account
  • Password: Your Tenant Password
  • Select TEST CONNECTION to ensure Tenant configuration has been entered successfully.
  • Select SAVE and close the settings window
  1. After you come back to the settings page for Workspace ONE Access Click ENABLE under Certificate > Certificate Provisioning
  1. After the certificate has been enabled click EXPORT, this should download the certificate to the downloads folder. We will come back to this certificate at a later stage.
  1. In the left navigation panel of the Settings page navigate to Devices & Users > General > Enrollment and click Override.
  1. Scroll down and change Source of Authentication for Intelligent Hub to WORKSPACE ONE ACCESS  > Click SAVE at the bottom of the page.

NOTE: We are doing this as we want the user to authenticate during enrollment with Workspace ONE Access.

  1. Scroll to the top of the page and click on the Restrictions tab > uncheck Restrict Enrollment to Known Users click SAVE at the bottom of the page

NOTE: The reason we are removing this check is because users will be created on the fly throug the AirWatch provisioning adapter in Workspace ONE Access.

  1. In the left navigation page for Settings navigate to Share Device and click Override. For Group Assignment Mode click Fixed Organization Group. Click SAVE at the bottom of the page.

TIP: We will use staged devices later in the lab, this will allow devices that have been enrolled with the staging user to automatically be assigned to your organization group. This improves the user experience!

  1. Close the settings page. Navigate to Accounts  > Users > List View and click ADD > Add User
  1. Now fill in the following:
    • Username: staginguser
    • Password: VMware123
    • Confirm Password: VMware123
    • Fullname: Staging User
    • Email address: [email protected]
  1. At the top of the Add/Edit User click Advanced tab. Scroll to the bottom and expand Staging.
    • Enable Device Staging: ENABLED
    • Single User Devices : ENABLED
    • Single User Devices: Standard - Users are asked to log in after staging
    • Multi User Devices: DISABLED
    • Click SAVE.

NOTE: In a future lab we will use an enrollment script to automate the enrollment of persistent desktops. This can be used also if IT or OEM is staging devices prior to delivery to end-user.

  1. In the Workspace ONE UEM admin console
    1. Select GROUPS & SETTINGS
    2. Select Configurations
    3. In the Group & Settings > Configurations window
      • Select GO TO CONFIGURATIONS
  1. Under Configurations
    • In the Enter a name or category area
      • Type Int
    • Under Configuration Name
      • Select Intelligent Hub
  1. Under Hub Services
    • Select GET STARTED
  1. In the Activate Hub Services
    • Select YES
  1. In the UEM admin console navigate to MONITOR > Intelligence and click LAUNCH
  1. You will get a prompt for the new interface. Simply click Dismiss. Then type in your e-mail address.
  • Fill in the Details (Don't have to be real) for Terms of Service and click ACCEPT
  1. (If there is a pop-up) Close the Introducing Improved Navigation pop-up.
  1. Navigate to Integration > Data Sources > Workspace ONE Access > SET UP
  1. Click GET STARTED on the pop-up.
    • Under Authorization Details > Authorized URI type in the URL for your ACCESS tenant.
    • Click CONNECT TO WORKSPACE ONE ACCESS
  1. If you are already authenticated to Workspace ONE Access click Accept on the new tab that opens up.
  • Otherwise authenticate to Access using your administrator account.
  • Username: administrator
  • Password: VMware1!
    • Click Finish when you are re-directed back to Access.
  1. In the Intelligence console navigate to Integration > Data Sources > Workspace ONE Hub Service > click SET UP
  1. Click GET STARTED on the pop-up and click Authorization Details > the Authorized URI should be your Workspace ONE Access URL.
    • Click CONNECT TO WORKSPACE ONE HUB SERVICES
  1. If you aren't already logged into Workspace ONE Acces you will be prompted to authenticate. Then ACCEPT the authorization to send data to Intelligence.
  1. Back in the Intelligence console now find Desktop Advanced Telemetry in the Integrations Setup page and click on SETUP.
  1. Click ENABLE at the prompt. You will now be able see device and application performance metrics in Intelligence. (We will come back to this at a later stage)
  1. In the Workspace ONE Intelligence Admin console, click Integrations > click Workflow Connector.
    • You will be redirected to Workspace. Click GET STARTED.
  1. Navigate back to Integrations > Workflow Connectors and click  + ADD
  1. Click on Workspace ONE UEM in the Add New Workflow Connector window.
    • Click SET UP WORKSPACE ONE UEM
  1. Fill in the Authorize Connector: Workspace ONE UEM:
    • Base URL: https://dw-livefire.awmdm.com/
    • Auth Type: Basic Authentication
    • User Name: {YOUR EMAIL ADDRESS}
    • Password: VMware1!
    • Workspace ONE UEM API Key - Flip to Workspace ONE UEM Admin Console
  1. In a new tab open Workspace ONE UEM Admin Console -  https://dw-livefire.awmdm.com/
    • Navigate to GROUPS & SETTINGS > All Settings
  1. In the Settings page navigate to System > Advanced > API > REST API.
    • Click Override.
  1. Copy the API Key for the AirWatch API Service and click SAVE.
  1. Navigate back to the browser Tab with Workspace ONE Intelligence.
    • Click the Pencil icon in the Workspace ONE UEM API Key field
    • Paste the API Key into the Workspace ONE UEM API Key field
    • Click AUTHORIZE
Part 2: Enable Experience Management

In this exercise you will enable Experience Management in Workspace ONE Intelligence. This will allow for the device to send telemetry and metrics to Intelligence and report on the following and more -

  • Device Heal, Application Health
  • Performance and Stability
  • OS Crashes
  • Login, and Logout
  • Boot and Shutdown events and duration
  • Windows Services Status
  • Windows Performance Monitor Data

NOTE: In this lab we will simply enable this function so that devices will begin their reporting, we won't actually have any metrics at this point.

  1. In the Workspace ONE Intelligence Console
    • navigate to Marketplace > Solutions > Experience Management

 

  1. In the Experience Management page
    • Click SET UP on the Desktop Experience Management
  1. In the Enable Desktop Experience Management
    • select NEXT to authorize the right server.
  1. In the Enable Desktop Experience Management wizard
    • Under Desktop Advanced Telemetry
      • select SAVE
  1. You should now have Desktop Experience Management Enabled.
    • Click View this will take you to the Workspace Tab.
    • NOTE: There is no data in here as of yet.

After device have registered with UEM we will see Desktop telemetry here.

Part 3: Workspace ONE Access , Connector pairing pre-requisites

In this lab you will download the Workspace ONE Access connector configurations. These configurations will be used later in Part 4 to installe the Workspace ONE Access connector.

  1. On your ControlCenter server
    • Open your Workspace ONE Access, Admin console URL
      • Under Username
        • enter Administrator
      • Under Password
        • enter VMware1!
      • Select Sign In
  1. In the Web Intelligent Hub Console
    • To the right,
      • select TA
    • From the dropdown
      • select Workspace ONE Access Console
  1. In the Workspace ONE Access Console
    • Select Integrations
    • Under Integrations
      • Select Connectors
    • In the Connectors area
      • Select NEW
  1. In the Connector Usage Confirmation window
    • Select the radio button, next to :-
      • Latest Workspace ONE Access Connector
    • Select OK
  1. In the Confirm the latest Workspace ONE Connector window
    • Select CONFIRM
  1. In the Add New Connector window
    1. Downloader Installer area
      • Select NEXT
  1. In the Add New Connector window
    1. Download Configuration File area
      • Next to Password: enter VMware1!VMware1!
      • Next to Reenter Password: enter VMware1!VMware1!
      • Select DOWNLOAD CONFIGURATION FILE
        • note an es-config.json file gets downloaded
      • Select NEXT
  1. In the Add New Connector window
    1. Summary window
      • Select CLOSE
  1. On your ControlCenter server browser
    • Next to the es-config.json
      • Select the Dropdown
      • Select Show in folder
  1. In the File Explorer window
    • Select and right-click the es-config.json file
    • Select Copy
    • In the left pane
      • Select Desktop
  1. In the File Explorer window
    • Desktop area
      • Select the Software shortcut
      • In the Software folder
        • Open the ACCESS folder
  1. In the File Explorer window
    • ACCESS folder
      • Paste your es-config.json file
    • Close your File Explorer window
Part 4: Installing and Configuring the Workspace ONE Access connector
  1. On your ControlCenter server
    • On the Desktop.
      • Open the Remote Desktops\Site1 folder
      • Select and launch the WS1-Connector.RDP shortcut
  1. On your WS1-Connector server
    • Open the Software Folder
    • Select the ACCESS Folder
    • Select and Launch
      • Workspace-ONE-Access-Connector-Installer-22.09.1.0.exe
  1. On your WS1-Connector server
    • On the Open File - Security Warning window
      • Select Run
  1. On the Workspace ONE Access Connector - InstallShield Wizard
    • In the Welcome to the Installation Wizard for Workspace ONE Access Connector 22.09.0.0
      • Select Next
  1. On the Workspace ONE Access Connector - InstallShield Wizard
    • Licence Agreement window
      • Select the radio button next to:-
        • I accept the terms in the license agreement
      • Select Next
  1. On the Workspace ONE Access Connector - InstallShield Wizard
    • Service Selection window
      • Select Next
  1. On the Workspace ONE Access Connector - InstallShield Wizard
    • Specify Configuration File window
      • In the box in front of Browse...
        • type \\horizon-01a\software\ACCESS\es-config.json
      • Next to Password: type VMware1!VMware1!
    • Select Next
  1. In the Workspace ONE Access Connector - InstallShield Wizard
    • keep Default
    • select Next
  1. In the Workspace ONE Access Connector - InstallShield Wizard
    • Specify Service Account window
    • Under User name: type
      • euc-livefire.com\administrator
    • Under Password:
      • type VMware1!
    • Select Next
  1. In the Workspace ONE Access Connector - InstallShield Wizard
    • Ready to Install window
      • Select Install

The Installation of the Workspace ONE Access Connector will take about 10 minutes to complete. Continue with Part 5 while the installation is going.  Check back periodically to ensure it has successfully installed.

  1. In the Workspace ONE Access Connector - InstallShield Wizard
    • Installation Wizard Completed window
      • Select Finish
Part 5: Configuring Directory Sync with  Workspace ONE Access connector

First we will configure the Attributes. Note!  Every organisation will need to research their requirements when deciding whether or not to set attributes to required. For specific applications where this needs to be considered,  if the associated user object does not have the attribute, authentication might fail.

  1. In the Workspace ONE Access Admin console
    • Select Settings 
      • Select User Attributes
  1. In the User Attributes console
    • In the right area under Custom Attributes
      • Select  âŠ• ADD ROW  2 times
  1. In the User Attributes console
    • Under Name
      • Add the following additional attributes
        • note this is case sensitive :
      • objectGuid
      • managerDN
  1. In the User Attributes console
    • Under User Attributes
    • Select SAVE
  1. In the Workspace ONE Access admin console.
    • Select Integrations,
      • Select Directories
  1. In the Directories area
    • To the right
      • Select Add Directory
    • In the Add Directory dropdown
      • Select Active Directory
  1. In the Add Active Directory Page,
    • Under Directory Information
      • Directory Name: type EUC-Livefire
      • Ensure the Active Directory over LDAP radio button is selected
      • Click NEXT
  1. In the Configure Directory  section,
    • Leave the Directory Sync and Authentication as default
    • In the Bind User Details area
      • Enter the following Next to :
        • Base DN: dc=EUC-Livefire,dc=com
        • Bind DN: cn=administrator,ou=corp,dc=EUC-Livefire,dc=com
        • Bind DN Password: VMware1!
    • Select Save
  1. In the Select the Domains page,
    • euc-livefire.com (EUC-LIVEFIRE)
      • Select Save.
  1. On the Map User Attribute page
    • Map the following attributes :
    • (what you enter here is case sensitive)
    • managerDN select custom input and type manager
      • Scroll down next to:-
        • objectGuid: select objectGUID
      • Click SAVE
  1. On the Select the Groups you want to sync page,
    1. Click the +ADD
    2. Under Create Group
      • enter dc=euc-livefire,dc=com
    3. Click ADD
  1. On the Select the Groups you want to sync page,
    • Under Select All
      • Select the check box
    • Select Save.
  1. In the Select Users you would like to sync window
    • Under Specify the user DNs
      • edit the existing syntax so that it reads
        • ou=corp,dc=EUC-Livefire,dc=com
      • Select Save
  1. On the Sync Frequency window
    • On Change the Sync Frequency to Every hour
    • Click SAVE & SYNC
  1. On the Directories window
    • Refresh your browser window
      • Note the Synced Groups and Synced Users
  1. In your Workspace ONE Access admin console
    • Select Settings
      • Select Login Preferences
      • Under Login Preferences
        • Select EDIT
  1. In the Login Preferences area
    • In line with:
      • Sync Group Members to the Directory When Adding Group
        • select the Checkbox
  1. In the Login Preferences area
    • In the bottom right
      • select SAVE
  1. In the Workspace ONE Access  console
    • select Integrations
      • select Directories
  1. In the Directories area
    • select EUC-Livefire
  1. In the EUC-Livefire directory area
    • In the right corner
      • Next  to Sync
        • select the dropdown
          • select Sync without Safeguards
Part 6: Workspace ONE Hub Services Integration with Workspace ONE Access
  1. In the Workspace ONE Access admin console
    • Select Integrations
    • Select Hub Configuration
  1. In the Hub Configuration window
    • Under Hub Services
      • Select LAUNCH
  1. In the Optimize the Intelligent Hub Experience window
    • Select BEGIN
    • If you get a choice select DISCARD
  1. In the Welcome to Hub Services
    • Review the associated options.
    • In Section 7: We will configure Hub Services
Part 7: Configuring Workspace ONE Hub Services
  1. In Workspace ONE Hub Services
    • Select the Branding section
      • Find Logos > Organization Logo , to the right select UPLOAD
      • In the left pane,
        • Under Quick access, select Desktop
        • Select Software
        • Select and open Logo
        • Select vmware livefire.png
        • Select Open
        • Scroll down
          • and select SAVE
  1. In the Workspace ONE Hub Services page
    • In the left pane, select People
    • Under People area,
      • next to Enable People,
        • move the toggle to the right
    • Select SAVE
  1. In the Workspace ONE Hub Services page
    • From the left menu,
      • Select the Custom Tab.
        • Next to Enable Custom Tab,
          • move the toggle right.
        • Next to Web
          • move the toggle right.
        • Next to Title
          • enter: EUCLF (Best practice is not use a label longer than 6 characters).
        • Next to URL:
          • enter https://www.Livefire.solutions
        • Next to Position,  
          • enable the First radio button.
        • Select SAVE
  1. To the top right of the Workspace ONE Hub Services page
    • Select LOG OUT OF HUB SERVICES  
Part 8: User Provisioning to UEM

Organizations can leverage the provisioning adapter in WorkspaceONE Access to provision users into Workspace ONE UEM. This implementation does not require the AirWatch Cloud Connector and will leverage SAML JIT to create users in UEM during the enrollment process.

  1. In the Workspace ONE Access admin console navigate to Resources > Web Apps > NEW
  1. Click on OR BROWSE FROM CATALOG
  1. Search for AirWatch and click on the + Next to AirWatch Provisioning. Click NEXT after your return to the New SaaS Application page.

NOTE: Ensure you are not selecting the AirWatch without the Provisioning.

  1. Change the Single Sign-On URL and Recipient URL to match dw-livefire.awmdm.com (leave what comes after the URL there) and click NEXT
  1. Click NEXT on the Access Policies
  1. Click SAVE
  1. Now in the Web Apps screen select the application and clic EDIT
  1. In the Edit SaaS Application you will now see more options, click on Provisioning and change Enable Certificate Auth enter your  UEM GroupID.
    • Click TEST CONNECTION

 

  1. The connection should be successful and now ensure Enable Provisioning is ticked and click NEXT.
  1. Leave the User Provisioning values as default and click NEXT
  1. On the Group Provisioning click ADD GROUP
  1. Type [email protected] and give it the nickname Developers. Click SAVE.
  1. Now click ADD GROUP again.
  1. Type [email protected] and give it the nickname Sales. Click SAVE
    • Repeat the process for Marketing and IT support
  1. Click NEXT.
  1. Click SAVE & ASSIGN on the summary page.
  1. Search for ALL USERS and add them. Change Deployment Type to Automatic and click SAVE.

You have finished setting up and integrating Workspace ONE UEM, Access, and Intelligence. Now that our digital workspace platform is prepared we can think about integrating with Microsoft Azure.

0 Comments

Add your comment

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.