Installation and Setup

Installation and Setup


This exercise helps you set up a cloud-based Workspace ONE environment. The procedures are sequential and build upon one another, so make sure that you complete each procedure in this section before going to the next procedure.


Before you can perform the procedures in this exercise, you must have the following components installed and configured:

  • On-premises Active Directory with users available to add to the Workspace ONE UEM tenant
  • Windows Server machine to access Workspace ONE from a web browser

Signing Up for a Free Trial

Complete the following steps to begin a 30-day trial version of Workspace ONE, that includes a cloud-based deployment of Workspace ONE UEM and VMware Identity Manager.

1. Access Free Trial

  1. Navigate to and click 30 DAY FREE TRIAL.
  2. Enter the required information and click Start Your Free Trial.
  3. Allow 24 hours for your request to process.

2. Record Environment Details

Check your email for two activation email messages that contain environment details and access credentials. Note this information in the following tables.

VMware Identity Manager Account Information

User name
VMware Identity Manager server host name

VMware Workspace ONE UEM Information
User name
VMware Workspace ONE UEM server host name

Now that you have signed-up for a cloud-based Workspace ONE trial and noted your environment details, you are ready to log in to the Workspace ONE UEM Console and launch the Getting Started Wizard.

Launching the Workspace ONE UEM Console

The Workspace ONE UEM Console allows you to view and manage every aspect of your Mobile Device Management (MDM) deployment. With this single, web-based resource, you can quickly and easily add new devices and users, manage profiles, and configure system settings.

This exercise helps you to log in to the Workspace ONE UEM Console and launch the Getting Started Wizard.

1. Log In to Workspace ONE UEM Console

Navigate to your Workspace ONE UEM tenant and enter your Workspace ONE admin account information to authenticate.

  1. In the browser of your choice, Navigate to https://<WorkspaceONEHostname> where WorkspaceONEHostname is the host name of the Workspace ONE UEM tenant.
  2. For User name – Enter the name provided in the activation email.
  3. For Password – Enter the password provided in the activation email.
  4. Click the Login button.

2. Accept License Agreement

Accept the End User License Agreement

Review the End User License Agreement, and click Accept. 

3. Configure Security Settings

Address the Initial Security Settings

Configure the settings for the Password Recovery Question:

  1. You may need to scroll down to see the Password Recovery Questions and Security PIN sections.
  2. Password Recovery Question – Keep the default question selected.
  3. Password Recovery Answer – Enter VMware1!
  4. Confirm Password Recovery Answer – Enter VMware1!

Configure the Security Pin, which protects certain administrative functions in the Workspace ONE UEM Console.  

  1. Security PIN – Enter 1234.
  2. Confirm Security PIN – Enter 1234. 
  3. Click Save.

4. Launch Getting Started Wizard

On the dialog box that appears, click Begin Setup to launch the Getting Started Wizard.

Retrieving the Group ID from Workspace ONE UEM Console

In the Workspace ONE UEM Console:

  1. To find the Group ID, point your mouse over the Organization Group tab at the top of the screen.
  2. Your Group ID is displayed at the bottom of the Organization Group pop up.

Note: The Group ID is required when enrolling your device.

Navigating the Getting Started Wizard

Split into four modules, the Getting Started Wizard facilitates the initial configuration of Workspace ONE. For ease of use, it tracks progress and can be started, paused, and restarted later. You can also review and change previous settings.

This exercise helps you to navigate the Getting Started Wizard.

1. Explore the Getting Started Wizard

Open the Workspace ONE module and note the following buttons and icons:

  1. Incomplete – Displays next to steps that have not been configured.
  2. Configure – Click to begin defining settings.
  3. Complete – Displays next to a completed step.
  4. Edit – Click to review or change a completed step’s settings.
  5. Scroll down and open the remaining modules to review their sections and steps.
  6. Use the percentage counter in the upper-right corner to track your configuration progress.

Now that you have navigated the Getting Started Wizard, you are ready to Generate the Apple Push Notification Certificate.

Generating the Apple Push Notification Service Certificate

Apple Push Notification service (APNs) is the messaging protocol created by Apple to manage mobile devices. To manage iOS devices, Workspace ONE UEM requires a valid APNs certificate.

To watch a video demonstrating this procedure, click Creating an Apple APNs Certificate.

1. Configure Apple Push Notification Service (APNs)

In Workspace ONE UEM Console, navigate to the Workspace ONE Getting Started Wizard.

  1. Select Getting Started.
  2. Select Workspace ONE.
  3. Navigate to SETUP > Apple Push Notification Service (APNs).
  4. Click Configure.

2. Download Certificate Request

  1. Under Download Certificate Request, click MDM_APNsRequest.plist.
  2. Click Continue.

3. Enter Corporate Apple ID

Enter your Corporate AppleID email address that you will use to manage all Apple devices for your organization.
If you do not have a Corporate Apple ID, Create Account with Apple.

4. Create Certificate

Navigate to the Apple Push Certificates Portal and use your Corporate Apple ID credentials to authenticate.

Complete the following steps to create the APNs certificate.

  1. Enter your corporate Apple ID.
  2. Enter your Apple ID password.
  3. Click Sign In.
  4. Click Create a Certificate.

5. Upload Certificate Signing Request

  1. Click Choose File and select the MDM_APNsRequest.plist file you previously downloaded.
  2. Click Upload.

6. Download Certificate

Click Download.

7. Complete Certificate Generation

Return to the Getting Started Wizard in the Workspace ONE UEM Console, and click Next.

7.1. Upload PEM Certificate

Click Upload.

7.2. Select the PEM Certificate

  1. Click Choose File and select the previously downloaded .pem file.
  2. Click Save.

7.3. Complete Request

  1. Enter your Apple ID.
  2. Click Save.

Now that you have generated the Apple Push Notification Certificate, you are ready to Configure Android EMM Registration.

Registering Android EMM

Android enterprise mobility management (EMM) separates personal data from work data at the operating system level - creating a clear separation between work and personal apps.

In this exercise, use the setup wizard in the Workspace ONE UEM console to register your enterprise with Google. This creates an admin account that connects Google with Workspace ONE UEM for enterprise device management.

Once your enterprise is registered, Android users can not access their device's work features until they register with Workspace ONE UEM.

2. Begin Google Registration

Click Register with Google.


3. Provide a Google Admin Account

Provide Google Admin Account
  1. Confirm you are logged into your Google Admin Account that you want to associate with your Android for Work configuration.

    Note: After you register a Google Admin Account to Android for Work, you cannot disassociate your Google Admin Account from that Organization. Ensure the Google Admin Account shown is the account you want to associate with your Organization.

  2. Click Get Started.

4. Provide Organization Details

Provide your Organization Details
  1. Enter your Organization name.
  2. Select the Google Play agreement check box.
  3. Click Confirm.

5. Complete Registration

Complete Registration

Click Complete Registration to return to the Android for Work configuration.

6. Confirm Integration in the Workspace ONE UEM Console

Confirm Android for Work Integration
  1. On the Android for Work Settings page, scroll down until you see the Google Admin Console Settings and Google API Settings sections.
  2. Under Google Admin Console Settings, note that the account information you provided during the Android for Work configuration step is displayed here.
  3. Confirm that Android for Work Registration Status is shown as Successful.

Note that the Client ID and Google Service Account Email Address have been created and configured for you automatically. No additional configurations with Android for Work or the Google Developers Console are required.

Downloading the Employee Email Template

Download an email template to introduce employees to Workspace ONE and how to get started.

1. Download Email Template

In Workspace ONE UEM Console, navigate to the Workspace ONE Getting Started Wizard.

  1. Select Getting Started.
  2. Select Workspace ONE.
  3. Navigate to SETUP > Employee Email Template.
  4. Click Download.

2. Copy Email Template

Copy the email template provided in the PDF document.

Now that you have downloaded the email template, the Installation and Setup section is complete.