Initial Configuration

Introduction

This exercise helps you to install and configure the VMware Enterprise Systems Connector. You can choose which components to install during the installation process. For this exercise, you install only the VMware AirWatch Cloud Connector component.

The procedures are sequential and build upon one another, so make sure that you complete each procedure in this section before going to the next procedure.

Prerequisites

Before you can perform the procedures in this exercise, you must satisfy the following requirements.

  1. Check whether you have the following components installed and configured.
    • Cloud-based VMware Identity Manager tenant
    • Cloud-based VMware Workspace ONE UEM tenant
    • On-premises Active Directory with users available to add to the Workspace ONE UEM tenant
    • Domain administrator in Workspace ONE UEM Console – You must log in to Workspace ONE UEM Console using a domain administrator user account to add Active Directory user groups and web applications.
    • Windows Server machine to access Workspace ONE from a web browser
    • Windows Server machine to install VMware Enterprise Systems Connector – Ensure that this machine can reach the AirWatch Cloud Messaging (AWCM) server by browsing to https://awcmXXX.awmdm.com/awcm/status. Replace XXX with the number used in your environment URL, for example, 100 for cn100. If the AWCM status page shows SSL errors, resolve the errors before continuing. Otherwise, the connector does not function properly.

For more information, see the VMware Identity Manager Documentation and VMware AirWatch Documentation.

2.  Make sure you have gathered the devices that you need.

  • Android device of your choice
  • iOS device of your choice
  • macOS device of your choice
  • Windows 10 device of your choice

3.  Verify that your environment meets the networking requirements.

| Source Component | Destination Component | Port |
|---|---|---|
| End-user device | Workspace ONE user portal (*.vmwareidentity.<region>), where region is .com, .eu, or .asia | 443 (HTTPS) |
| End-user device | Device Services | 443 (HTTPS) |
| End-user device (Android) | AirWatch Cloud Messaging (AWCM) Server | 443 (HTTPS) |
| Administrative console users | *.awmdm.com | 443 (HTTPS) |
| Administrative console users | *.vmwareidentity.<region>, where region is .com, .eu, or .asia | 443 (HTTPS) |
| Enterprise Systems Connector | Workspace ONE UEM | 443 (HTTPS) |
| Enterprise Systems Connector | Active Directory | 389, 636 (SLDAP), 3268 or 3269 (SLDAP) |

4.  Verify that your environment meets the operating system and software requirements.

Workspace ONE requirements and details:

Active Directory:
  • Windows Server 2008 or 2008 R2
  • Windows Server 2012 or 2012 R2

Web browser to access VMware Identity Manager and Workspace ONE UEM Console:
  • Internet Explorer 11 for Windows
  • Google Chrome 42.0 or later for Windows and macOS
  • Mozilla Firefox 40 or later for Windows and macOS
  • Safari 6.2.8 or later for macOS

Enterprise Systems Connector server:
  • Windows Server 2008 R2
  • Windows Server 2012 or 2012 R2
  • .NET Framework 4.6.2
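
The connector-side checks from the prerequisites above (AWCM reachable without SSL errors, Active Directory ports reachable) can be scripted on the connector server. This PowerShell script is an added example, not part of the original exercise or of VMware's tooling; `dc01.corp.example` is a hypothetical domain controller name, `awcmXXX` is the page's own placeholder, and the function names are this example's own.

```powershell
# Added example: preflight checks to run on the connector server before installing.
# Placeholders: replace XXX as described above; the AD server name is hypothetical.
$AwcmHost = 'awcmXXX.awmdm.com'
$AdHost   = 'dc01.corp.example'

function Test-TcpPort {
    # Returns $true when a TCP connection opens within the timeout.
    param([string]$Server, [int]$Port, [int]$TimeoutMs = 5000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $pending = $client.BeginConnect($Server, $Port, $null, $null)
        if (-not $pending.AsyncWaitHandle.WaitOne($TimeoutMs)) { return $false }
        $client.EndConnect($pending)
        return $true
    } catch { return $false } finally { $client.Close() }
}

function Get-TlsValidationResult {
    # TLS handshake that reports how Windows judged the server certificate; a certificate with errors is rejected.
    param([string]$Server, [int]$Port)
    $script:policyErrors = 'NoHandshake'
    $validate = [System.Net.Security.RemoteCertificateValidationCallback] {
        param($source, $certificate, $chain, $policy)
        $script:policyErrors = $policy.ToString()
        return ($policy -eq [System.Net.Security.SslPolicyErrors]::None)
    }
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $client.Connect($Server, $Port)
        $tls = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $validate)
        $tls.AuthenticateAsClient($Server)   # validates the chain and the host name
    } catch { <# failure reason, if known, is already recorded #> } finally { $client.Close() }
    return $script:policyErrors
}

# AWCM over HTTPS, then the directory ports from the networking table (636 and 3269 are the SSL ports).
$checks = @(
    @{ Name = 'AWCM';                    Server = $AwcmHost; Port = 443;  Tls = $true  },
    @{ Name = 'AD LDAP';                 Server = $AdHost;   Port = 389;  Tls = $false },
    @{ Name = 'AD LDAP (SSL)';           Server = $AdHost;   Port = 636;  Tls = $true  },
    @{ Name = 'AD global catalog';       Server = $AdHost;   Port = 3268; Tls = $false },
    @{ Name = 'AD global catalog (SSL)'; Server = $AdHost;   Port = 3269; Tls = $true  }
)
foreach ($c in $checks) {
    $cert = if ($c.Tls) { Get-TlsValidationResult -Server $c.Server -Port $c.Port } else { 'n/a' }
    [pscustomobject]@{ Check = $c.Name; Port = $c.Port
        Reachable = (Test-TcpPort -Server $c.Server -Port $c.Port); Certificate = $cert }
}
```

A Certificate value other than None for AWCM corresponds to the SSL errors that must be resolved before continuing. On ports 636 and 3269 it means the connector server does not trust the domain controller's certificate or the certificate name does not match the server name you supplied.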

Downloading VMware Enterprise Systems Connector

The Getting Started Wizard guides you through the Connector configuration. Complete the steps to download the Enterprise Systems Connector.

1. Configure Enterprise Connector & Directory

  1. In Workspace ONE UEM Console, select Getting Started.
  2. Select Workspace ONE.
  3. Navigate to SETUP > Enterprise Connector & Directory.
  4. Click Configure.

2. Complete Enterprise Systems Connector Details

  1. For Password, enter VMware1!.
  2. For Confirm Password, enter VMware1!.

3. Download Enterprise Systems Connector

Click Download VMware Enterprise Systems Connector Installer. Save the downloaded .exe file in an accessible location.

After the Enterprise Systems Connector begins downloading, click Continue.

Installing VMware Enterprise Systems Connector

Install the AirWatch Cloud Connector component to integrate Workspace ONE UEM with back-end enterprise systems.

[Optional:] To watch a video demonstrating this procedure, click VESC Install Demo, or click the video itself.

Note: The video contains no sound. Use the subtitles for installation details.

1. Launch the VMware Enterprise Systems Connector Installer

Ensure you are logged in to the machine where you will install the VMware Enterprise Systems Connector.

1.1. Run the VMware Enterprise Systems Connector Installer

Locate the .exe file downloaded in the previous exercise and double-click to run the installer.

Click Run when prompted to run this software.

1.2. Install Microsoft .NET Framework

If prompted to install Microsoft .NET Framework 4.6.2, click Install.

1.3. Reboot if Required

After Microsoft .NET Framework 4.6.2 completes its download, click Yes to reboot and continue the connector installation.

2. Begin the VMware Enterprise Systems Connector Installer

Click Next.

2.1. Accept the License Agreement Terms

  1. Select I accept the terms in the license agreement.
  2. Click Next.

2.2. Choose the Program Features to Install

  1. Ensure that the AirWatch Cloud Connector is set to install and that the VMware Identity Manager Connector is not set to install.
  2. Click Next.

2.3. Accept the Default Destination Folder

Click Next to accept the default destination folder.

2.4. Enter the Certificate Password

  1. Enter VMware1! for the Certificate Password.
  2. Click Next.

2.5. Disable Outbound Proxy

Ensure Outbound Proxy is not selected and click Next.

3. Begin the Installation Process

Click Install.

4. Close the VMware Enterprise Systems Connector Installer

Click Finish.

Testing the Connection

After the Enterprise Systems Connector installs, return to the Getting Started wizard in the Workspace ONE UEM Console to test the connection.

1. Return to Getting Started Wizard

  1. If the Workspace ONE Getting Started wizard closed, navigate to Getting Started > Workspace ONE to open it.
  2. In the SETUP section, next to Enterprise Connector & Directory, click Configure.

2. Continue Enterprise Connector Setup Wizard

In the Run the VMware Enterprise Systems Connector Installer section, scroll down and click Continue.

3. Confirm Test Connection Successful

  1. Click Test Connection, and confirm that you see the message VMware Enterprise Systems Connector is active.
  2. Click Continue.

Now that you have completed the VMware Enterprise Systems Connector installation, you are ready to begin the VMware Enterprise Systems Connector configuration.

Configuring Active Directory Details

The next step in Enterprise Connector & Directory is to integrate the connector with Active Directory. The values used in this section are based on a test environment. Your configuration values will differ.

1. Provide Active Directory Details

Enter the following Active Directory information.

  1. Directory Type – Select Active Directory from the drop-down menu.
  2. Server – Enter the FQDN of the Active Directory server.
  3. Encryption Type – Select the encryption type for your environment. This example uses SSL.
  4. Port – Keep the default value.
  5. Protocol Version – Keep the default value.
  6. Bind Authentication Type – Select GSS-NEGOTIATE.
  7. Bind Username – Enter the user name that has permission to access the domain controller.
  8. Bind Password – Enter the password.
  9. Click Save.

2. Confirm Test Connection is Successful

  1. Click Test Connection. If successful, you see the message Connection successful with the given server name, bind username and password.
  2. Click Continue.

For more information, see the VMware AirWatch Directory Services Guide in the VMware Workspace ONE UEM Documentation.

Integrating VMware Identity Manager with Workspace ONE UEM

After Directory Setup is complete, you are ready to integrate VMware Identity Manager with Workspace ONE UEM.

1. Enter VMware Identity Manager Details

Enter the following information for VMware Identity Manager.

  1. Tenant URL – The tenant URL for VMware Identity Manager
  2. Username – The user name for the VMware Identity Manager tenant
  3. Password – The password for the VMware Identity Manager tenant
  4. Click Test Connection. If successful, you see the message Test connection successful!
  5. Click Continue.

2. Use Workspace ONE UEM to Authenticate Users

  1. For Do you want to use AirWatch to authenticate users, select Yes.
  2. Click Save. It can take a few minutes for the Save process to complete. The Finish button is available when the process completes.
  3. Click Finish.

Adding Active Directory User Groups to Workspace ONE UEM

After Active Directory has been integrated with Workspace ONE UEM, you can enroll any Active Directory user or group into Workspace ONE UEM. Add or import the Active Directory users and groups that need access to Workspace ONE UEM. For this exercise, you add a user group. Ensure that you are logged in to the Workspace ONE UEM Console as a domain administrator. The values used in this section are based on a test environment. Your configuration values will differ.

1. Navigate to User Groups

  1. In Workspace ONE UEM Console, select Accounts.
  2. Select User Groups > List View.

2. Add User Group

  1. Click Add.
  2. Click Add User Group.

3. Find User Group

Configure the user group information. Keep the default values unless otherwise specified.

  1. Search Text – Enter the user group name, for example, user.
  2. Click Search.
  3. Select the user group from the Group Name list.

4. Configure User Group Details

  1. User Group Settings – Select Custom.
  2. Maximum Allowable Changes – Enter 100.
  3. Add Group Members Automatically – Select Enabled.
  4. Click Save.

Syncing Active Directory User Group in Workspace ONE UEM

After you have created an Active Directory user group, sync this group in Workspace ONE UEM to import the users immediately.

1. Sync User Group

  1. Select the check box next to the user group added in the previous exercise.
  2. Click Sync.

2. Confirm Synced Users

In the dialog box, click OK to confirm.

Check that the synced users appear in the Users column.

Logging In to the VMware Identity Manager Console

This exercise helps you to log in to your VMware Identity Manager tenant.

1. Launch Google Chrome (If Needed)

If Google Chrome is not already open, launch Google Chrome by double-clicking the icon from the desktop.

3. Log In to Your VMware Identity Manager Tenant

  1. Enter the administrator user name.
  2. Enter the administrator password.
  3. Click Sign In.

Verifying Workspace ONE UEM Users Appear in VMware Identity Manager

After you have authorized an Active Directory user group to access Workspace ONE UEM, the user group also appears in VMware Identity Manager.

1. Confirm the Workspace ONE UEM User Group is Available

  1. Click the Users & Groups tab.
  2. Click Groups.
  3. Verify that the Workspace ONE UEM user group is listed.

2. Force Sync If Required

If the users do not appear in VMware Identity Manager, you can force a sync from the Workspace ONE UEM Console.

2.3. Sync Users

Scroll down and click Sync Now.

After you verify that Workspace ONE UEM users appear in VMware Identity Manager, you are ready to configure Mobile Single Sign-On.

Configuring Mobile Single Sign-On

The Getting Started wizard guides you through configuring Mobile Single Sign-On.

1. Navigate to Mobile Single Sign-On

  1. Select Getting Started.
  2. Select Workspace ONE.
  3. Navigate to SETUP > Mobile Single Sign-On.
  4. Click Configure.

2. Configure Mobile Single Sign-On

Click Get Started.

Click Continue.

3. Auto-Configure Mobile Single Sign-On Settings

Click Start Configuration.

4. Complete Mobile Single Sign-On Configuration

When the auto-configure checklist completes, click Finish.

Click Close.

After you configure Mobile Single Sign-On, the Initial Configuration section is complete.