VMware Identity Manager and Workspace ONE UEM Integration_old (EMPOWER)
Part 1. Workspace ONE UEM integration
In this section we will do the Workspace ONE UEM side of the configuration.
1. Switch back to the Workspace ONE UEM Admin console.
- Be sure to make these settings at the company organisation group, then navigate to Groups and Settings > All Settings > System > Advanced> API > Rest API
2. Workspace ONE UEM integration continued....
- Select Override and ENABLED click on +Add then
- Under Service add an an API key name Identity Manager Admin and set the Account type to Admin
- Copy the API key that gets generated into Notepad and document the API Key as the key for Identity Manager Admin
- Click Add again, and create an API key named Identity Manager User. Set the Account Type to Enrollment User.
NOTE: Ensure that the Service name is different from the Service name in Step 2.
- Copy the API key generated to Notepad. Both API keys will be used later in our configuration.
- Select Save
- Close the window
3. Workspace ONE UEM integration continued...
- Exit back to the main Admin console and select Accounts > Administrators > List View
4. Workspace ONE UEM integration continued...
- On the List View Window , to the right of Filters, Select ADD , select Add Admin.
5. Workspace ONE UEM integration continued...
- In the Add/Edit Admin Window, under Basic type the following :
- Next to :-
- User name: IdentityManager
- Password: VMware1!
- Confirm Password: VMware1!
- Require password change at next Login : Disabled (leave default)
- First Name : Identity
- Last Name : Manager
- Email: firstname.lastname@example.org
- Scroll back up
- Next to :-
6. Workspace ONE UEM integration continued...
- Select the Roles tab, under Organizational Group in the search box select Euc-Livefire
- Under Role in the search box select Console Administrator (This role has access to the API).
7. Workspace ONE UEM integration continued...
- Select the API tab, change the Authentication type from USER CREDENTIALS to CERTIFICATES.
- Type in VMware1! as the password for the certificate, it will be used later in the lab.
- Select Save
- On the Restricted Action - Add New User window, when prompted for a PIN type 1234
8. Workspace ONE UEM integration continued..
- In the AirWatch console window, in the List View interface, select the IdentityManager account radio button and select the edit pencil for the account that you had just created,
- In the Add/Edit Admin window select the API tab.
- Next to Certificate Password type VMware1!
- Select Export Client Certificate. Save this certificate to the Desktop
- This certificate is in a .p12 format.
- Click Save at the bottom of the page
9. Workspace ONE UEM integration continued.
- Navigate to Groups & Settings > All Settings > System > Enterprise Integration > VMware Identity Manager > Configuration
- Under Server click CONFIGURE
- On the Connect to VMware Identity Manager window select CONTINUE
On the Connect to VMware Identity Manager window enter the following:
- Tenant URL: Your Tenant eg. https://aw-euclivefiret3rn.vidmpreview.com
- User Name: Your Tenant Admin account
- Password: Your Tenant Password
- Select TEST CONNECTION to ensure Tenant configuration has been entered successfully.
- Select SAVE
Part 2: VMware Identity Manager Integration
1. Navigate back to you unique SaaS Identity Manager console on your browser
- Log in as the System Domain username: administrator password: VMware1!
- Select your Admin accounts Administration Console
- Select Identity & Access Management > Setup > AirWatch
2. VMware Identity Manager Integration....
- On the AirWatch page fill out the configuration details. Next to:
- AirWatch Admin Console URL: API URL of the AirWatch console server instance - https://cn-livefire.awmdm.com
- AirWatch API Certificate: the .p12 certificate downloaded for the Administrator account (Part 1 step 8)
- Certificate Password: password for the administrator certificate - VMware1!
- AirWatch Admin API Key: the API key for the admin (Part 1 Step2)
- AirWatch Enrolled User API Key: the API key set for the enrolled user (Part 1 Step2)
- AirWatch Group ID: Group ID for where the REST API is configured -
- Select Save
You should see "Successfully Saved AirWatch Configuration"
3. VMware Identity Manager Integration....
- In the AirWatch settings next to Workspace ONE Catalog Enable both Fetch from IDM and Fetch from AirWatch checkboxes -
- Next to Enter Device Services Type https://ds-livefire.awmdm.com and select Save
- Next below the Workspace ONE Catalog section you will notice the Compliance Check section, select the Enable radio button and select Save