Configuring the Workspace ONE Access Connector

Part 1. Configuring the Workspace ONE Access Connector

1. We have pre-installed the Workspace ONE Access Connector for you in the Lab environment. However since we have cloned the machine the connector is in an idle state and needs to be re-initiated.

  • Log into your ControlCenter2 server with username [email protected] and password VMware1!
    1. On your ControlCenter2 server desktop select your Remote Desktops folder and select and launch your WS1-Connector.RDP shortcut.
    2. When prompted log in as username [email protected] with the password VMware1!
    3. On the WS1-Connector server open the File Explorer to the following path
      C:\VMware\VMwareidentityManager\Connector
    4. Right Click the install.bat file and click Run as Administrator
    5. This will launch a PowerShell window that will clear out the state of the connector. Wait till the Powershell Window closes which confirms it has run successfully.
    6. Open services.msc and start the VMware IDM Connector service
    7. Wait for a few minutes till all the services have launched and move on to the next part of the lab.

2.  Our objective is to associate our on-premise connector instance with our SaaS instance of Workspace ONE Access.

  • Log on to your Control Center2 server in your Lab use your Google Chrome browser.
    1. On your chrome select the WS1-connnector shortcut or type https://ws1-connector.euc-livefire.com:8443/cfg in the address bar
    2. On the Your Connection is not private page, select Advanced and select Proceed to ws1-connector.euc-livefire.com.
    3. On the login Page, enter VMware1! in the password field.
    4. On your browser, open up a second Tab, navigate to your unique Workspace ONE Access Tenant and if you have not done so login as Administrator with your unique password, that your received in your welcome e-mail  
    5. Navigate to Identity & Access Management > Setup > Connectors  Select  Add Connector 
    6. Next to Connector ID Name: type WS1-Connector. Next select Generate Activation Code . Next copy this code
    7. Revert back to your WS1-Connector Server setup:  On the activate connector page Paste this code into the Activation Code box of your Connector configuration setup, select Continue
    8. You should get a setup is complete page inside the Workspace ONE Access Console.

3. Configure our AD-sync configuration with Workspace ONE Access.

  1. in your Workspace One Access window,  to the right of the screen select Manage, select Directories
  2. Select Add Directory > Add Active Directory over LDAP/IWA

4. Configure our AD-sync configuration with Workspace ONE Access....continued

  • In Add Directory Page, configure the following
    1. Directory Name: LivefireSync
    2. Ensure the Active Directory over LDAP radio button is selected
    3. The Sync Connector select the external connector ws1-connector.euc-livefire.com
    4. Directory Search Attribute: sAMAccountName
    5. Base DN: dc=EUC-Livefire,dc=com
    6. Bind DN: cn=administrator,ou=corp,dc=EUC-Livefire,dc=com
    7. Bind DN Password: VMware1!
    8. Select Test Connection  
    9. Select Save & Next

5.

  • Configure our AD-sync configuration with Workspace ONE Access....continued
    1. On the Select the Domains page, select Next. euc-livefire.com should be discovered.
    2. On the Map User Attribute page
    3. Select Next

 

6.

  • Configure our AD-sync configuration with Workspace ONE Access....continued
    1. On the Select the Groups you want to sync page, select the green plus (+) to the right of the page,
    2. Under Specify the group DNs type the following dc=euc-livefire,dc=com next to the distinguished name you added, select Find Groups then the Select All  check box
    3. select Next.

7.

  • Configure our AD-sync configuration with Workspace ONE Access....continued
    1. On the Select the Users you would like to sync page, under specify the user DNs type ou=corp,dc=EUC-Livefire,dc=com
    2. Select Next, notice the objects to sync in the Review page.
    3. There may be an error, "Missing required attributes email for imaservice" Disregard this error. The sync will stil work.
    4. Select Sync Directory

8. Configuring the Built-in IDP in Workspace ONE Access

  • Navigate to and select Identity & Access Management >  Manage, select Identity Providers. Notice you now have an additional Identity Provider which is a Workspace IDP called WorkspaceIDP_1xxx which is associated with the LiveFireSync directory we just created above. This is an automatic process whereby when the built in connector is associated with Active Directory this Identity Provider gets created.

9. Configuring the Built-in IDP in Workspace ONE Access...continued

  • Let's associate the Built-In iDP with the AD and the external connector to ensure Password (Cloud Deployment) can be used as an authentication method.
    1. Select Built-In.
    2. In the Built-in IDP windows select the following:
      1. Select LivefireSync under Users
      2. All Ranges under Network
      3. Add the WS1-Connector.euc-livefire.com to the connector section
        1. Click Add Connector to confirm
      4. Select Password (Cloud Deployment) checkbox
      5. Select Save at the bottom of the page.

10. Configuring the Built-in IDP in Workspace ONE Access...continued

  • We need to ensure that our default access policy has Password (Cloud Deployment) set as the authentication method for enrollment to work. Note, Workspace ONE enrollment uses this access policy. 
    1. Navigate to Identity & Access Management > Manage > Policies . Select dafault_access_policy_set and select EDIT (this will edit the default Access Policy Set)
    2. Select Configuration on the left navigation and Workspace One App Policy and select Password (Cloud Deployment) as the first authentication form. Select SAVE at the bottom of the page.
      1. NOTE: Be sure to leave Password (Local Directory) as the fallback method as seen in the screen shot below.
    3. Now Select the Web Browser and do the same by changing the primary authentication method to Password (Cloud Deployment) and select SAVE at the bottom of the page.
      1. NOTE: Be sure to leave Password (Local Directory) as the fallback method
    4. Select NEXT on the Policy Page and SAVE on the final page of the wizard.

0 Comments

Add your comment

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.