Deploying a Workspace ONE Cloud Connector

Objective and Tasks.

Deploy a Workspace ONE Access cloud connector and bind it to an existing Active Directory domain:

1. Create a Workspace ONE Access Cloud Connector
2. Join the Workspace ONE Access Cloud Connector to the Domain and Promote It.
3. Install the Workspace ONE Access Cloud Connector.
4. Configure Workspace ONE Access

Task 1: Create a Workspace ONE Access Cloud Connector

You create a Workspace ONE Access cloud connector to access users and user groups.

As part of this process, you join it to the domain and promote it to an Active Directory domain controller.

  1. On the browser go to
    • portal.azure.com
    • Login User name:
    • <company>.<full_name>.<student_number>@outlook.com
    • Password:
    • Omnissa1!Omnissa1!
    • Click on Hamburger icon in the azure portal
    • Go to Virtual machines.
  1. From the Create drop-down menu, select Azure virtual machine
    • The Create a virtual machine wizard opens.
  1. On the Basics tab of Create a virtual machine wizard configure the following settings.
    • The values for the Subscription and Region options are provided by the instructor.
    • From the Resource group drop-down menu, select <geo>hcsmadm-rg.
    • Enter WS1-CC-<student_number> in the Virtual network name text box.
    • From the Security type drop-down menu, select Standard.
    • From the Image drop-down menu, select Windows Server 2019 Datacenter  x64 Gen 2.
    • Under Administrator account
      • Username: hcsmaadmin
      • Password: Omnissa1!Omnissa1!
      • Confirm password: Omnissa1!Omnissa1!
    • Select None for Public inbound ports.
    • Select the check box for the following:
      • Would you like to use an existing Windows Server license?
      • I confirm I have an eligible Windows Server license with Software Assurance or Windows Server subscription to apply this Azure Hybrid Benefit.
    • Leave the other options unchanged and click Next : Disks >.
  1. On the Disks tab configure the following settings.
    • For OS disk size leave it to default.
    • From the OS disk type drop-down menu, select Standard HDD.
    • Select the check box for Delete with VM.
    • Leave the other options unchanged and click Next : Networking >.
  1. Configure the Network interface settings.
    • From the Virtual network drop-down menu, select <geo>hcsmadm-vnet<student_number>.
    • From the Subnet drop-down menu, select Management (10.4.<student_number>.128/26).
    • For Public IP leave it to default.
    • For the NIC network security group, verify that Basic is selected.
    • For the Public inbound ports, verify that None is selected.
    • Select the check box for Delete public IP and NIC when VM is deleted.
  1. Leave the options unchanged and click Next for the following pages:
    • Click Next : Management >.
    • Click Next : Monitoring >.
    • Click Next : Advanced >.
    • Click Next : Tags >.
    • Click Next : Review + create >.
    • Review the information on the Review + create tab and click Create.
  1. Monitor the deployment and refresh the page until the VM is created.
    • Note: This process takes about 10 to 15 minutes. You must wait until the Your deployment is complete message appears on the page.
    • Click Go to resource.
  1. From the left navigation pane, navigate to Networking > Network settings.
  1. Click the value below Network Interface/IP configuration.
  1. From the left navigation pane, navigate to Settings > IP configurations.
    • On the IP configurations page, click ipconfig1
    • Under Allocation, select Static and leave the IP address unchanged.
    • Click Save.
    • Before continuing to the next task, you must wait until you receive a notification that the setting is successfully updated.
Task 2: Join the Workspace ONE Access Cloud Connector to the Domain and Promote It

You join the Workspace ONE cloud connector to the domain and promote it to an Active Directory domain controller.

  1. Click the hamburger icon to expand the left navigation pane and select Virtual machines.
  1. Select the Workspace ONE cloud connector that you created and connect.
    • On the cloud connector page navigate to Connect > Bastion.
    • Login with the following details:
      • Authentication type: VM Password
      • User name: hcsmaadmin
      • Password: Omnissa1!Omnissa1!
    • Click Connect.
  1. In the Networks pop-up window, select Yes.
  1. In the Try Windows Admin Center and Azure Arc today dialog box, select the Don’t show this Message Again check box and then close the dialog box.
  1. Right-click the Start menu and select System.
    • Select About.
    • Scroll to the bottom of the About page and click System info.
  1. In the System window, select Advanced system settings.
    • Click Change.
    • Computer Name/Domain Changes window opens.
  1. In the Computer Name/Domain Changes window, configure the following.
    • Leave the Computer name text box unchanged.
    • Under Member of, click Domain.
    • Enter techseals.co in the domain text box.
    • Click OK.
    • Windows security pop-up appears.
  1. In the Windows Security pop-up window, log in.
    • User name: techseals\hcsmaadmin
    • Password: Omnissa1!Omnissa1!
    • Click OK.
    • In the dialog box informing you that Computer Name/Domain is changed, click OK.
    • Click OK to restart the VM.
    • Click Restart Now.
    • Close the Bastion window.
  1. Connect to cloud connector again.
    • On the cloud connector page navigate to Connect > Bastion.
    • Login with the following details:
      • Authentication type: VM Password
      • User name: hcsmaadmin
      • Password: Omnissa1!Omnissa1!
    • Click Connect.
    • Wait for the Server Manager > Dashboard page to load.
  1. On the Server Manager page.
    • Navigate to Manage > Add Roles and Features.
  1. On the Before you begin page, click Next.
  1. On the Select Installation type page, select Role-based or feature-based installation.
    • Click Next.
    • On the Select Destination Server page, leave the default options unchanged and click Next >.
  1. On the Server Roles page.
    • Select the Active Directory Domain Services check box.
    • Add features that are required for Active Directory Domain Services? dialog box appears.
    • Select Add Features.
  1. On the Server Roles page.
    • Select the DNS Server check box.
    • Add features that are required for DNS Server? dialog box appears.
    • Select Add Features.
    • Validation Results dialog box appears.
    • Click Continue.
  1. Click Next for the following pages.
    • Features page
    • Active Directory Domain Services
    • DNS Server
    • Confirm installation selections
  1. On the Confirm installation selections page.
    • Select Restart the destination server automatically if required check box.
    • In the Add Roles and Features Wizard dialog box, click Yes.
    • Click Install.
    • After the installation is complete, click Close.
  1. Promote this server to a domain controller.
    • Click the Notifications icon (a flag with a yellow triangle).
    • Click Promote this server to a domain controller.
  1. On the Deployment Configuration page.
    • Click Change.
    • In the Windows Security pop-up window, log in.
      • User name: techseals\hcsmaadmin
      • Password: Omnissa1!Omnissa1!
      • Click OK.
      • Click Next.
  1. Domain Controller Options page.
    • Password: Omnissa1!Omnissa1!
    • Confirm password: Omnissa1!Omnissa1!
    • Click Next >.
  1. Leave the options unchanged and click Next > for the following pages.
    • DNS Options
    • Additional Options
    • Paths
    • Review Options
  1. On the Prerequisites Check page.
    • Click Install.
    • Once the installation is complete, click Close.
    • Wait for the system to reboot automatically if not click Reconnect.
Task 3: Install the Workspace ONE Access Cloud Connector

You configure Workspace ONE Access and install the Workspace ONE Access cloud connector software.

  1. Select the Workspace ONE cloud connector that you created and connect.
    • On the cloud connector page navigate to Connect > Bastion.
    • Login with the following details:
      • Authentication type: VM Password
      • User name: hcsmaadmin
      • Password: Omnissa1!Omnissa1!
    • Click Connect.
  1. Install Chrome browser to the cloud connector.
    • Click the File Explorer icon.
    • Enter \\10.2.1.4\Software in the address bar.
    • Right-click ChromeSetup and select Run as Administrator.
    • Click Run.
  1. After Google Chrome installation is complete.
    • Launch Google chrome
    • Navigate to https://connect.omnissa.com
    • Log in to the Omnissa Cloud Services console:
      • User name: horizonseals<student_number>@techseals.co
      • Click NEXT.
      • Password: Omnissa1!Omnissa1!
      • Click SIGN IN.
  1. On the Services page.
    • Click LAUNCH SERVICE under Workspace ONE Cloud.
    • If the Introducing Improved Navigation pop-up window appears, click CLOSE.
    • Click LAUNCH under Access.
  1. In the Workspace ONE Access console.
    • Click the Integrations tab.
    • From the left navigation pane, select Connectors.
    • Add New Connector wizard appears
      • Note: If the Add New Connector wizard does not appear, click New.
    • Click NEXT.
    • Download Configuration File appears.
  1. In Download Configuration File page.
    • Enter Omnissa1!Omnissa1! in the Password and Re-enter Password text boxes.
    • Click DOWNLOAD CONFIGURATION FILE.
    • Click NEXT.
    • Click CLOSE.
    • Close Chrome.
  1. Open File Explorer:
    • Enter \\10.2.1.4\Software in the address bar.
    • Navigate to the Workspace ONE Access folder.
    • Right-click Workspace-ONE-Access-Connector-Installer-<XX.XX.X.X>
      • Note: The <XX.XX.X.X> value is the latest version number.
    • Select Run as Administrator.
    • In the Open File dialog box, click Run.
    • On the InstallShield wizard, click Install.
      • Note: This process takes a few minutes and requires a reboot.
    • When prompted, click Yes to restart.
      • Note: The installation continues after you log back in.
    • Click Reconnect.
    • After you are logged in again, click Run in the Open File  Security Warning dialog box.
    • Click Install in the InstallShield wizard to install Microsoft Visual C++.
      • The Workspace ONE Access Connector Installation wizard starts.
  1. On the Workspace ONE Access Connector Installation wizard starts.
    • Click Next >.
    • Select I accept the terms in the license agreement.
    • Click Next >.
    • On the Service Selection page, leave the default options unchanged and click Next >.
    • On the Specify Configuration File page, click Browse and navigate to the This PC\Downloads folder.
    • Select the es-config.json file.
    • Click Open.
    • Enter Omnissa1!Omnissa1! in the Password text box.
    • Click Next >.
    • Select Default installation and click Next >.
  1. On the Specify Service Account page.
    • User name: Enter techseals\dbind
    • Password: Omnissa1!Omnissa1!
    • Click Next >.
    • Click Install.
      • The installation takes about 5 to 10 minutes.
    • Click Finish.
  1. On the cloud connector task bar.
    • Right click the Start menu icon.
    • Select Run.
    • In the Open text box, enter Services.msc
  1. On the Services Wizard, verify that the four services are running.
    • Access Directory Sync Service
    • Access Kerberos Auth Service
    • Access User Auth Service
    • Access Virtual App Service
  1. Close Services Wizard.
Task 4: Configure Workspace ONE Access

You configure access for Active Directory users and groups. The Workspace ONE Access cloud is used to provide identity and authentication services on behalf of Active Directory.

  1. Return to your web browser and log in to the Omnissa Cloud Services console.
    • User name: horizonseals<student_number>
    • Password: Omnissa1!Omnissa1!
    • On the Services page, click LAUNCH SERVICE under Workspace ONE Cloud.
    • Click LAUNCH under Access.
  1. Under Access.
    • Verify that all four of the services have green checkmarks in the Health column.
      • Directory Sync
      • Kerberos Auth
      • User Auth
      • Virtual App
  1. Under Access.
    • Navigate to Settings > User Attributes.
    • To configure the following Custom Attributes section, click ADD ROW and enter the follow.
      • managerDN
      • netBIOS
      • objectGUID
      • sid
    • Click Save.
  1. To configure Active Directory Services.
    • Navigate to Integrations > Directories.
    • Click Add Directory.
    • Select Active Directory from the drop-down.
    • Directory Information page opens.
  1. Add the Directory Information details.
    • Directory Name: techseals.co
    • Type: Select Active Directory over Integrated Windows Authentication
    • Click Next.
    • Configure Directory page opens.
  1. Add the Configuration Directory details.
    • User Name: Ensure that sAMAccountName is selected.
    • External ID:  Enter objectGUID
    • Bind User Name: Enter [email protected]
    • Bind User Password: Enter Omnissa1!Omnissa1!
    • Leave the other options unchanged, click SAVE.
    • Select Domain page opens.
  1. On the Select the Domains page.
    • Select techseals.co domain
    • Click Save.
    • Map User Attributes page opens.
  1. On the Map User Attributes page.
    • Scroll down to sid
    • Select Custom Value from sid drop-down.
    • Enter objectSid
      • Note: The custom value entered is a case sensitive
    • Click SAVE.
    • Sync Groups page opens.
  1. On the Select the groups you want to sync page.
    • Under Sync nested group members, click + ADD.
    • On the Create Group pop-up, enter dc=techseals,dc=co
    • Click ADD.
    • Click Select Groups.
    • Select the groups you want to sync page opens.
  1. Select the check box for the following groups and Click SAVE.
    • DEM Users
    • Domain Admins
    • Domain Users
    • HCSMADM Users
    • Help Desk Users
    • Tenant Admins
    • Users
  1. On the Select the users you want to sync page, click +ADD again.
    • Enter CN=Users,DC=techseals,DC=co in the Add User DN text box.
    • Click ADD.
    • Click TEST.
    • Click SAVE.
    • On the Sync Frequency page, change Every Hour and click SAVE & SYNC.
  1. Set the Login Perferences.
    • Click the Settings tab and navigate Login Preferences.
    • Click EDIT.
    • Ensure that Sync group members to the directory when adding group check box is selected.
    • Click SAVE.
  1. Configure settings for the Intelligent Hub People Search.
    • Click the Integrations tab and navigate People Search.
    • Select techseals.co form the Directory drop-down menu.
    • Click NEXT.
    • Select user attributes page opens.
  1. On the Select user attributes page.
    • Select userPrincipalName from the managerDN drop-down menu.
    • Leave all other options unchanged and click NEXT.
    • Select users and sync to directory page opens.
    • Click SAVE & SYNC.
  1. Click the Accounts tab under the Workspace ONE Access menu bar.
    • Navigate to User Groups.
    • Verify that all the users @techseals.co groups are synced.
    • If users are not synced automatically, click each user group, navigate to the Users tab, and click Sync Users.
    • After the user sync is completed for all the groups, log out from WS1-CC-<student_number>.

0 Comments

Add your comment

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.