Lab 6: Workspace ONE Integrations

Objective and Tasks

Configure multiple Workspace ONE UEM enterprise integrations:

  1. Install and Configure AirWatch Cloud Connector
  2. Configure Directory Services in Workspace ONE UEM
  3. Import a User Group
  4. Adding a Certificate Authority Integration Configuration

Task 1: Install and Configure AirWatch Cloud Connector

You will install AirWatch Cloud Connector on the WS1-Connector VM and connect it to your Workspace ONE deployment.

  1. Log in to the ControlCenter desktop VM.
    • User name: administrator
    • Password: Pa$$w0rd
  2. On the ControlCenter Desktop,  double-click the Remote Desktops folder.
  3. In the Folder double-click WS1-Connector.RDP to connect to the server.
  4. Open the Workspace ONE UEM administration console.
  5. On the WS1-Connector Windows taskbar, click the Google Chrome icon.
  6. From the bookmarks bar, select  Workspace ONE UEM. You can also enter https://techseals.awmdm.com in the address bar.
  7. Log in to Workspace ONE UEM.
    • User name: studentadmin{labid}
    • Password: Pa$$w0rd
    • Note: If you get a pop-up to save the password just select Never
  8. On the Workspace ONE UEM console menu bar, verify that Student{labid} is selected from theOrganization Group drop-down menu.
  9. In the navigation pane on the left, select Groups & Settings > All Settings > System > Enterprise Integration > Cloud Connector.
  10. Next to Current Setting, click Override.
  11. Next to Enable AirWatch Cloud Connector, click Enabled. This should be selected by default.
  12. Click the Advanced tab.
  13. Scroll down and verify that Use External AWCM URL is selected.
  14. Scroll down to the bottom of the page, click Save, and wait for the certificate to be populated. Populating a certificate might take several minutes. The process concludes with a Saved Successfully message.
  15. Click the General tab and click Download AirWatch Cloud Connector Installer.
  16. In the dialog box, enter Pa$$w0rd as the password.
  17. Enter Pa$$w0rd again to confirm the password.
  18. Click Download.
  19. After the download finishes, click the File Explorer icon on the WS1-Connector Windows taskbar.
  20. Navigate to the Downloads folder.
  21. Right-click the AirWatch Cloud Connector Installer file and select Run as an administrator.

The AirWatch Cloud Connector installation wizard opens.

NOTE
If you are prompted with a Windows security warning, click More Info and then click Run Anyway.
  1. Click Next.

Installing the framework might take up to five minutes.

NOTE
The AirWatch Cloud Connector installer might require the installation of Microsoft .NET Framework 4.8 or later. You might be required to restart the DC VM. When you log back in to the VM, the AirWatch Cloud Connector installer automatically opens. If it did not open, you must rerun the AirWatch Cloud Connector installer as an administrator.
  1. Click I accept the terms in the license agreement and then click Next.
  2. Click Next. You do not need to change the installation path.
  3. Enter Pa$$w0rd in the Certificate Password text box.
  4. Click Next.
  5. Verify that the Outbound proxy? check box is deselected and click Next.
  6. Click Install.
  7. When the prompt says that TLS 1.2 registry keys were added, click OK.
  8. When the installation finishes, click Finish.
  9. If you receive a prompt to restart the server, click Yes. The server restart might take up to 5 minutes to complete.
  10. Reconnect to the WS1-Connector VM after it restarts.
    • User name: administrator
    • Password: Pa$$w0rd
  11. On the WS1-Connector Windows taskbar, click the Server Manager icon.
  12. From the menu bar, select Tools > Services.
  13. Verify that the AirWatch Cloud Connector service is running. The service might take up to 10 seconds to start.
  14. If necessary, right-click AirWatch Cloud Connector and select Start to manually start the service.
  15. If the service does not start, open File Explorer, navigate to C:\AirWatch\Logs\CloudConnector, and check the log file for errors.
NOTE
You must set Startup Type to Automatic and not Automatic Delayed. Otherwise, the service does not start automatically.
  1. Close the Services window.
  2. Close the Server Manager window.
  3. Return to the Workspace ONE UEM console in Google Chrome.
  4. If the Settings dialog box is closed, select Groups & Settings > All Settings > System > Enterprise Integration > Cloud Connector from the navigation pane on the left.
  5. Scroll down to the bottom of the Cloud Connector page and click Test Connection to verify connectivity.
  6. A successful connection returns a Reached Cloud Connector running version 24.6.0.16 at WS1-Connector (192.168.110.95) message.
  7. Close the Settings dialog box.
  8. Minimize the Remote Desktop Connection Manager window.

Task 2: Configure Directory Services in Workspace ONE UEM

You configure the Directory Services integration in the Workspace ONE UEM console to bind with the Domain Controller (DC).

  1. On the ControlCenter VM, log in to the Workspace ONE UEM console.
    • User name: studentadmin{labid}
    • Password: Pa$$w0rd
  2. On the menu bar, verify that Student{labid} is selected from the Organization Group drop- down menu.
  3. In the navigation pane on the left, select Groups & Settings > All Settings > System > Enterprise Integration > Directory Services.
  4. Verify that Current Setting is set to Override.
  5. Click Skip wizard and configure manually.
  6. On the Server tab, configure your server information. Leave the default value for any setting not specified here.
Option Action
Directory Type Select LDAP - Active Directory from the drop-down menu.
DNS SRV Click Disabled.
Server Enter controlcenter.techseals.co in the text box.
Encryption Type Click None.
Port Enter in the 389 text box.
Protocol Version Enter in the text box.
Use Service Account Credentials Click Disabled.
Bind Authentication Type Click GSS-NEGOTIATE.
Bind Username Enter administrator in the text box.
Bind Password Enter Pa$$w0rd in the text box.
Domain Delete defaultDomain and enter techseals.co in the text box.
Server The text box autofills controlcenter.techseals.co after you configure the Domain text box.
  1. Click Test Connection to verify connectivity. A Connection successful message appears.
  2. Click x in the upper-right corner to close the Text Connection dialog box.
  3. Click Save.
  4. Click the User tab and configure the settings.
  5. Under Base DN, click the plus (+) sign icon next to the text box. The Available Base DNs drop-down menu appears.
  6. From the Available Base DN drop-down menu, select DC=techseals,DC=co.
  7. Click Save.
  8. Click the Group tab and configure the settings.
  9. Under Base DN, click the plus (+) sign icon next to the text box. The Available Base DNs drop-down menu appears.
  10. From the Available Base DNs drop-down menu, select DC=techseals,DC=co.
  11. Click in the Settings dialog box to close the Available Base DNs drop-down menu.
  12. Delete organizationalUnit and enter Container in the Organizational Unit Object Class text box.
  13. Click the Advanced to display additional controls.
  14. Select the Auto Sync Default and Auto Merge Default check boxes.

Enabling these settings automatically adds or removes users in Workspace ONE UEM configured user groups based on their membership in your directory service and automatically applies synchronization changes without requiring an administrator's approval.

  1. Scroll down to the Attribute and Mapping Value columns.
NOTE
These columns show the mapping between the Workspace ONE UEM user attributes on the left and your directory service attributes on the right. By default, these attributes are those values most commonly used in the Active Directory. You update these mapping values to reflect the values used for your own integration.
  1. Click the Edit (pencil) icon next to the Organizational Unit text box.
  2. Delete ou and enter cn in the Organizational Unit text box.
  3. Click Save.
  4. Scroll down and click Test Connection to verify the configuration.
NOTE
You might have to refresh the page and attempt the test connection after the page has refreshed.
  1. Close the Test Connection dialog box.
  2. Close the Settings dialog box.

Task 3: Import a User Group

You use the Workspace ONE UEM console to import a user group.

  1. On the menu bar, verify that Student{labid} is selected from the Organization Group drop- down menu.
  2. In the navigation pane on the left, select Accounts > Users Groups > List View.
  3. From the Add drop-down menu, select Add User Group.
  4. Next to External type, click Organizational Unit.
  5. Verify that DC=techseals,DC=co is entered in the Group Base DN text box. The attribute must not contain any spaces.
  6. In the Search Text text box, enter users and click Search. The page refreshes and displays additional items.
  7. Select Users from the Group Name search result list.
  8. Leave the default values for the other settings and click Save.

The page refreshes and you are back to the User Groups list view page. You now see the new user group called Users.

NOTE
When you import a user group, you add your existing directory service groups into the Workspace ONE UEM console. The addition does not immediately create the Workspace ONE UEM user accounts for each of your directory service accounts. However, it does ensure that the Workspace ONE UEM recognizes them as belonging to a configured group, which you can use as a means of restricting who can enroll.
  1. Select the Users check box.
  2. From the More Actions drop-down menu, select Add Missing Users. A dialog box appears asking if you wish to continue.
  3. To process the request, click OK.
  4. Click Refresh and verify that the number in the Users column is greater than 0.
  5. Click the Edit (pencil) icon next to the Users group name. The Edit User Group page dialog box appears.
  6. Next to Add Group Members Automatically, click Enabled.
  7. Click Save.

You have successfully imported the Active Directory users into the Workspace ONE UEM console.

Task 4: Adding a Certificate Authority Integration Configuration

You review the certificate authority (CA) integration configured for the lab environment.

  1. On the menu bar, verify that Student{labid} is selected from the Organization Group drop- down menu.
  2. In the navigation pane on the left, select Groups & Settings > All Settings > System > Enterprise Integration > Certificate Authorities.
  3. Click on + ADD.
  4. In the Certificate Authority - Add/Edit fill in the following
    • Name: Techseals
    • Authority Type: Microsoft ADCS
    • Protocol: ADCS
    • Server Hostname: controlcenter
    • Authority Name: techseals-CONTROLCENTER-CA
    • Authentication: Service Account
    • Username: Administrator
    • Password: Pa$$w0rd
  5. Click TEST CONNECTION. You should get Test is Successful in green at the top.
  6. Click SAVE
  7. You should now see your Techseals certificate authority listed in the Certificate Authorities.

0 Comments

Add your comment

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.