Unified Access Gateway Admin integration with Workspace ONE Access (Optional)

In this section we will configure the UAG Admin console to integrate with Workspace ONE Access.

This allows the administrator to authenticate using SAML rather than a password. It also gives a better administrator experience, as I would not have to concern myself with password management and the challenges that come with it.

Part 1: Downloading the IdP metadata

  1. On your ControlCenter server
    • Open a new tab on your Chrome browser and enter your custom Workspace ONE Access credentials
    • Login to the System Domain, select Next
    • Using your custom Sysadmin Credentials, select sign in
    • In the top right corner
      • Select the TA Icon
      • Select Administration Console
  1. In the Workspace ONE Access Admin Console
    • Next to Catalog, select the dropdown arrow
  1. Under Catalog
    • Select Web Apps
  1. In the Web Apps area
    • Select SETTINGS
  1. In the Settings window
    • Select SAML Metadata
  1. Under SAML Metadata
    • Select and right-click Identity Provider (IdP) metadata
    • Select Save link as...
    • Ensure Downloads is selected
    • Select Save

Part 2: Configuring UAG as the Service Provider

  1. On the ControlCenter server
    • Select the File Explorer icon, on the taskbar
    • Select Downloads
  1. In the Downloads folder
    • Select and right-click the idp.xml file
    • Select Edit with Notepad++
  1. In the Notepad++ window
    • Scroll until you find the term entityID.
    • Copy the entityID value, from https through to the end of xml
      • An example could look like this
        • https://aw-demale444rn.vidmpreview.com/SAAS/API/1.0/GET/metadata/idp.xml
      • Paste the Text to a new Tab in Notepad++
  1. On the ControlCenter server
    • On your Chrome Browser, open a new tab
    • Select the UAG shortcut
  1. On the Unified Access Gateway login page
    • In the username area, enter admin
    • In the password area, enter VMware1!
    • Select Login
  1. Under Configure Manually
    • Click on Select
  1. In the UAG Admin Console
    • Scroll down until you come to Identity Bridging Settings
    • Next to Upload Identity Provider Metadata, select the Gear icon
  1. In the Upload Identity Provider Metadata window
    • Next to Entity ID, Paste your Entity ID into the area
    • Next to IDP Metadata, click Select
      • Select Downloads
      • Select idp.xml
      • Select Open
  1. In the Upload Identity Provider Metadata window
    • Next to Certificate Type, from the dropdown, select PEM
  1. In the Upload Identity Provider Metadata window
    • Next to Private Key, click on Select
      • Browse to \\horizon.euc-livefire.com\software\certificates\certs
      • Above Open, change Custom files (*.crt.cer) from the dropdown to All Files (*.*)
      • Select Appvolpem.key
      • Select Open
    • Next to Private Key, click Select
      • Browse to \\horizon.euc-livefire.com\software\certificates\certs
      • Above Open, change Custom files (*.crt.cer) from the dropdown to All Files (*.*)
      • Select Appvol.crt
      • Select Open
  1. In the Upload Identity Provider Metadata window
    • Next to Allow unencrypted SAML assertions, move the toggle to the right
    • Select Save
  1. In the UAG admin Console
    • Just above Identity Bridging Settings
      • Next to Account Settings,
        • Select the Gear icon
  1. In the Account Settings window
    • Select SAML Login Configuration
  1. In the Account Settings window
    • Next to Enable SAML Authentication, move the toggle to the right to turn it on
    • Next to Identity Provider, from the drop down, select your configured Identity Provider
    • Select Download SAML service provider metadata
  1. In the Account Settings window
    • Next to External Host Name, enter uag-hzn.euc-livefire.com
    • Select Download
      • Note the xml Download
    • Select Cancel
    • Select Save to close the Account Settings window
    • Select Close, OR you might start to be redirected
  1. On your Chrome Browser
    • As we noted in step 15, you might be redirected. Please ignore this for now.
    • We have completed the configuration on the Service Provider, that being the Unified Access Gateway. We will now proceed with the configuration of the Identity Provider, Workspace ONE Access.

Part 3: Completing the Configuration of the Identity Provider

  1. On the ControlCenter server
    • On your Chrome Browser, select your VMware Workspace ONE tab
    • If the Settings window is still open, select X in the top right to close
  1. In the Workspace ONE Access console
    • In Catalog > Web Apps, select NEW
  1. In New SaaS Application window
    • 1. Definition area:
      • Under Name, enter UAG-Admin
      • Select the button called SELECT FILE...
        • In the Open window, browse to the following location:
          • \\horizon.euc-livefire.com\software\UAG\Icons
          • Select the UAG.png file
        • Select Open
      • Select Next
  1. On your Chrome browser
    • Bottom corner, select the drop-down and select Show in folder
  1. In the File Explorer window
    • Select and right-click the uag-hzn.euc-livefire.com.xml file
      • Select Edit with Notepad++
  1. In the NotePad++ window
    • On your keyboard,
      • Select CTRL + A > Select CTRL + C
  1. On your ControlCenter server
    • Switch back to your Workspace ONE Access Console > New SaaS Application wizard
  1. In the New SaaS Application wizard
    • 2. Configuration.
      • Under URL/XML, paste your XML data in the box
      • Select NEXT
  1. In the New SaaS Application wizard
    • 3. Access Policies
      • Select NEXT
  1. In the New SaaS Application wizard
    • 4. Summary
      • Select SAVE & ASSIGN
  1. In the Select App(s): UAG - Admin
    • Under Users / User Groups
    • Under Deployment Type
      • Select Automatic
    • Select SAVE
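
A scripted check of the two metadata files handled above (the idp.xml whose entityID is copied in Part 2 and the UAG service provider XML pasted in Part 3), added here as an example and not part of the original lab. It reads the entityID, endpoint hosts and certificate fingerprints straight from the XML. The function name, the sample documents, their endpoint paths and the placeholder certificate bytes are constructed for illustration.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

def inspect_metadata(xml_text):
    """Summarise one SAML 2.0 EntityDescriptor (IdP or SP role)."""
    if "<!DOCTYPE" in xml_text:  # metadata never needs a DTD; refuse entity tricks
        raise ValueError("DTD not allowed in SAML metadata")
    root = ET.fromstring(xml_text)
    idp = root.find("md:IDPSSODescriptor", NS)
    role = idp if idp is not None else root.find("md:SPSSODescriptor", NS)
    if role is None:
        raise ValueError("no IDPSSODescriptor or SPSSODescriptor found")
    tag = "md:SingleSignOnService" if idp is not None else "md:AssertionConsumerService"
    endpoints = [e.get("Location", "") for e in role.findall(tag, NS)]
    certs = {}
    for kd in role.findall("md:KeyDescriptor", NS):
        b64 = kd.findtext(".//ds:X509Certificate", default="", namespaces=NS)
        digest = hashlib.sha256(base64.b64decode("".join(b64.split()))).hexdigest()
        # A KeyDescriptor without a 'use' attribute covers signing and encryption.
        for use in ([kd.get("use")] if kd.get("use") else ["signing", "encryption"]):
            certs.setdefault(use, []).append(digest)
    return {"role": "idp" if idp is not None else "sp",
            "entity_id": root.get("entityID"),
            "endpoints": endpoints, "cert_sha256": certs,
            "insecure_endpoints": [u for u in endpoints if urlparse(u).scheme != "https"],
            "hosts": sorted({urlparse(u).hostname or "" for u in endpoints})}

# Constructed sample data: placeholder bytes stand in for a DER certificate.
CERT = base64.b64encode(b"constructed placeholder, not a real certificate").decode()
TEMPLATE = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
  xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="{eid}"><md:{role}
  protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"><md:KeyDescriptor
  use="signing"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>{cert}</ds:X509Certificate>
  </ds:X509Data></ds:KeyInfo></md:KeyDescriptor><md:{ep} Location="{loc}"
  Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"/></md:{role}></md:EntityDescriptor>"""
IDP_XML = TEMPLATE.format(role="IDPSSODescriptor", ep="SingleSignOnService", cert=CERT,
    eid="https://aw-demale444rn.vidmpreview.com/SAAS/API/1.0/GET/metadata/idp.xml",
    loc="https://aw-demale444rn.vidmpreview.com/constructed/sso")
SP_XML = TEMPLATE.format(role="SPSSODescriptor", ep="AssertionConsumerService", cert=CERT,
    eid="https://uag-hzn.euc-livefire.com/constructed-entity-id",
    loc="https://uag-hzn.euc-livefire.com/constructed/acs")

if __name__ == "__main__":
    for doc in (IDP_XML, SP_XML):
        print(inspect_metadata(doc))
```

On the real files, compare `entity_id` with the value pasted into the Entity ID field and `hosts` of the service provider file with the External Host Name entered in Part 2. A service provider descriptor with no `encryption` entry gives the identity provider no key to encrypt assertions to.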

Part 4: Testing the integration of Workspace ONE Access and Unified Access Gateway

  1. On your ControlCenter server
    • Using your Chrome Browser,
      • Select the 3 buttons, in the top right-hand corner
      • Select, New incognito window
  1. In your Chrome Browser, favourites Bar
    • Select the UAG shortcut
  1. In the Workspace ONE window
    • Under Select Your Domain, change System Domain, by selecting the dropdown to euc-livefire.com
    • Select Next
  1. In the Workspace ONE window
    • Under Username, type Kim
    • Under password, type VMware1!
    • Select Sign in
  1. In the Unified Access Gateway Appliance Admin Console
    • Note the designated name in the top right-hand corner
    • If curious, browse around the Admin Console
    • Logout when complete

This concludes the integration of the Unified Access Gateway Admin Console with Workspace ONE Access.

About the Author Reinhart Nel

https://www.livefire.solutions/meet-the-team/reinhartnel/

For any questions please email Reinhart at [email protected]

Acknowledgements: A big Thank you to Patrick Zoeller for his support when writing this lab
