Configuring the VMware Identity Manager Connector & the AirWatch Cloud Connector

This section is dedicated to deploying and configuring the VMware Identity Manager Connector.

Part 1. Configuring the VMware Identity Manager Connector

1. You will be configuring VMware Identity Manager Connector on Windows in this lab. We have pre-installed VMware Identity Manager Connector 2018.8.1.0. Our objective is to associate this on-premises connector instance with our SaaS instance of VMware Identity Manager.

  1. Log on to your Control Center2 server in your lab. NB! Use the Mozilla Firefox browser.
    1. Navigate to https://ws1-connector.euc-livefire.com:8443/cfg and log in with the username admin and the password VMware1! then select Next at the bottom of the page.
  2. Now navigate to the unique VMware Identity Manager tenant that you received in your e-mail, log in, and navigate to Identity & Access Management > Setup > Connectors.
  3. Click Add Connector.
  4. Set Connector ID to WS1-Connector, select Generate Activation Code, and copy the code.
  5. Paste the code into the Activation Code field on the Activate Connector page of your connector configuration setup, then click Next to finish the setup.
  6. You should get a "setup is complete" page inside the VMware Identity Manager Console.

2. We will now configure and synchronise Active Directory to the VMware Identity Manager server using the external connector.

First we will configure the attributes. Note! Every organisation will need to research its requirements when deciding whether or not to set attributes to Required. This matters for specific applications: if the associated user object does not have the attribute, authentication might fail.

  1. Navigate to Identity & Access Management > Setup > User Attributes
    Notice the attributes that are available and the option to set them to Required. IMPORTANT NOTE: The attributes set to Required cannot be changed after a directory sync has taken place.
  2. Set the attributes distinguishedName and userPrincipalName to Required.
  3. Under Attributes to the right, select the green plus (+) and add an additional attribute by typing in its name, objectGUID, which might be used for authentication for certain applications. Note that only the default attributes listed can be set to Required.
  4. Select Save
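
A pre-sync check for the Required attributes above, as an added example (not part of the original lab or of any VMware tooling): it reads an LDIF export of the users you intend to sync, flags objects that lack distinguishedName or userPrincipalName or that sit outside the ou=corp,dc=EUC-Livefire,dc=com user DN used later in this lab, and decodes objectGUID into its GUID string. The sample records and the function names `parse_ldif` and `audit` are constructed for illustration.

```python
import base64
import uuid

REQUIRED = ("distinguishedName", "userPrincipalName")  # set to Required in this lab
USER_DN = "ou=corp,dc=euc-livefire,dc=com"  # user DN synced in this lab, lower-cased

# Constructed sample export (not real lab data).
SAMPLE_LDIF = """\
dn: CN=Alice Example,OU=Corp,DC=EUC-Livefire,
 DC=com
distinguishedName: CN=Alice Example,OU=Corp,DC=EUC-Livefire,DC=com
userPrincipalName: alice@euc-livefire.com
objectGUID:: ABEiM0RVZneImaq7zN3u/w==

dn: CN=Bob Example,OU=Corp,DC=EUC-Livefire,DC=com
distinguishedName: CN=Bob Example,OU=Corp,DC=EUC-Livefire,DC=com

dn: CN=Svc Example,OU=Service,DC=EUC-Livefire,DC=com
distinguishedName: CN=Svc Example,OU=Service,DC=EUC-Livefire,DC=com
userPrincipalName: svc@euc-livefire.com
"""

def parse_ldif(text):
    """Yield one dict per record: lower-cased attribute name -> str or bytes."""
    # A line starting with one space continues the previous line (LDIF folding).
    for block in text.replace("\r\n", "\n").replace("\n ", "").split("\n\n"):
        rec = {}
        for line in block.splitlines():
            name, sep, value = line.partition(":")
            if sep and not line.startswith("#"):
                b64 = value.startswith(":")  # "attr:: <base64>" (binary/non-ASCII)
                rec[name.lower()] = base64.b64decode(value[1:]) if b64 else value.strip()
        if rec:
            yield rec

def audit(records):
    """Yield (dn, problems, guid) per record; an empty problems list means ready."""
    for rec in records:
        dn = rec.get("dn", "")
        dn = dn.decode("utf-8") if isinstance(dn, bytes) else dn
        problems = ["missing " + a for a in REQUIRED if not rec.get(a.lower())]
        if not ("," + dn.lower()).endswith("," + USER_DN):
            problems.append("outside synced user DN")
        raw = rec.get("objectguid")
        ok = isinstance(raw, bytes) and len(raw) == 16  # AD GUID: 16 bytes, mixed-endian
        yield dn, problems, str(uuid.UUID(bytes_le=raw)) if ok else None

if __name__ == "__main__":
    for dn, problems, guid in audit(parse_ldif(SAMPLE_LDIF)):
        print(dn, "|", guid, "|", "; ".join(problems) or "ok")
```

The DN comparison is a plain case-insensitive suffix match, so it assumes DNs are written without spaces after the commas.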

3. Configure our AD-sync configuration with VMware Identity Manager.

  1. To the right of the screen select Manage, select Directories, select Add Directory
  2. Select Add Directory > Add Active Directory over LDAP/IWA

4. Configure our AD-sync configuration with VMware Identity Manager....continued

  1. In Add Directory Page, configure the following
    1. Directory Name: LivefireSync
    2. Ensure the Active Directory over LDAP radio button is selected
    3. Sync Connector: select the external connector ws1-connector.euc-livefire.com
    4. Directory Search Attribute: sAMAccountName
    5. Base DN: dc=EUC-Livefire,dc=com
    6. Bind DN: cn=administrator,ou=corp,dc=EUC-Livefire,dc=com
    7. Bind DN Password: VMware1!
  2. Select Test Connection.
    (If this fails and you have verified that your syntax is correct, select Setup > Connectors. Under Worker, select the built-in connector Workspaceone.euc-livefire.com, then select AuthAdaptors. If Adaptor Name is blank, reboot the WorkspaceOne.euc-livefire.com server. You can do this using Remote Desktop, logging in as administrator with the password VMware1! Then retry your configuration.)
  3. Select Save & Next

5. Configure our AD-sync configuration with VMware Identity Manager....continued

  1. On the Select the Domains page, select Next. euc-livefire.com should be discovered.
  2. On the Map User Attribute page, scroll down to objectGuid, select the drop-down arrow, and select objectGUID.
    Since this is the attribute we set up earlier in User Attributes, we also need to map it to an AD attribute.
  3. Select Next.

6. Configure our AD-sync configuration with VMware Identity Manager....continued

  1. On the Select the Groups you want to sync page, select the green plus (+) to the right of the page.
  2. Under Specify the group DNs, type dc=euc-livefire,dc=com. Next to the distinguished name you added, select Find Groups, then select the Select All check box.
  3. Select Next.

7. Configure our AD-sync configuration with VMware Identity Manager....continued

  1. On the Select the Users you would like to sync page, under Specify the user DNs, type ou=corp,dc=EUC-Livefire,dc=com
  2. Select Next and notice the objects to sync on the Review page.
  3. Select Sync Directory.

8. Configuring the Built-in IDP in VMware Identity Manager

  • Navigate to Identity & Access Management > Manage and select Identity Providers. Notice you now have an additional Identity Provider, a Workspace IDP called WorkspaceIDP_1, which is associated with the LiveFire directory we just created above. This is an automatic process: when the built-in connector is associated with Active Directory, this Identity Provider gets created.

9. Configuring the Built-in IDP in VMware Identity Manager...continued

Let's associate the Built-in IDP with the AD and the external connector to ensure Password (Cloud Deployment) can be used as an authentication method.

  1. Select Built-In.
  2. In the Built-in IDP window select the following:
    1. Select LivefireSync under Users
    2. All Ranges under Network
    3. Add the WS1-Connector.euc-livefire.com to the connector section
    4. Select Password (Cloud Deployment) checkbox
    5. Select Save at the bottom of the page.

10. Configuring the Built-in IDP in VMware Identity Manager...continued

We need to ensure that our default access policy has Password (Cloud Deployment) set as the authentication method.

  1. Navigate to Identity & Access Management > Manage > Policies. Now select EDIT (this will edit the default access policy set).
  2. Select the Workspace One App policy and select Password (Cloud Deployment) as the first authentication form. Select SAVE at the bottom of the page.
  3. Now select the Web Browser policy and do the same by changing the primary authentication method to Password (Cloud Deployment), then select SAVE at the bottom of the page.
  4. Select NEXT on the Policy page and SAVE on the final page of the wizard.
