Lab 4: Enterprise integrations
Objective and Tasks
- Install and Configure AirWatch Cloud Connector
- Configure Directory Services in Workspace ONE UEM
- Import a User Group
- Configure a service account for Windows Server enrollment
- Adding a Certificate Authority Integration Configuration
Task 1: Install and Configure AirWatch Cloud Connector
You will install AirWatch Cloud Connector on the WS1-Connector VM and connect it to your Workspace ONE deployment.
- Using the VM Switcher, switch to the WS-Connector VM.
- Log in to the WS1-Connector VM.
- User name:
administrator - Password:
Pa$$w0rd
- User name:
- On the WS1-Connector Windows taskbar, click the Google Chrome icon.
- If you get an “Enhanced ad privacy in Chrome” screen, click More and then click Got it.
- From the bookmarks bar, select Workspace ONE UEM. You can also enter
https://omnissatraining.awmdm.com/Airwatchin the address bar to access the console page. - Log in to Workspace ONE UEM.
- User name:
studentadmin{labid} - Password:
Pa$$w0rd - Note: If you get a pop-up to save the password just select Never.
- User name:
In the upper-right corner of the console, click the drop-down menu with your administrator name and verify that Student{labid} organization group is selected from the Organization Group drop-down menu.
- In the navigation pane at the top, select Groups & Settings. Then, select All Settings > System > Enterprise Integration > Cloud Connector.
- Next to Current Setting, click Override.
- Next to Enable AirWatch Cloud Connector, click Enabled. This should be selected by default.
- Click the Advanced tab.
- Scroll down and verify that Use External AWCM URL is selected.
- Scroll down to the bottom of the page, and click Save. The process concludes with a "Saved Successfully" message.
- Click the General tab and at the bottom of the window, click Download AirWatch Cloud Connector Installer.
- In the dialog box, enter
Pa$$w0rdas the password. - Enter
Pa$$w0rdagain to confirm the password. - Click Download. The download could take a minute.
- After the download finishes, click the File Explorer icon on the WS1-Connector Windows taskbar.
- Navigate to the Downloads folder. Inside, you will see the AirWatch Cloud Connector...Installer.
- Right-click the AirWatch Cloud Connector...Installer file and select Run as administrator.
The AirWatch Cloud Connector installation wizard opens.
If you are prompted with a Windows security warning, click More Info and then click Run Anyway.
- Click Next.
The AirWatch Cloud Connector installer might require the installation of Microsoft .NET Framework 4.8 or later. You might be required to restart the DC VM. When you log back in to the VM, the AirWatch Cloud Connector installer automatically opens. If it did not open, you must rerun the AirWatch Cloud Connector installer as an administrator.
- Click I accept the terms in the license agreement and then click Next.
- Click Next. You do not need to change the installation path.
- Enter
Pa$$w0rdin the Certificate Password text box. - Click Next.
- Verify that the Outbound proxy? check box is deselected and click Next.
- Click Install.
- When the prompt says that TLS 1.2 registry keys were added, click OK.
- When the installation finishes, click Finish.
- If you receive a prompt to restart the server, click Yes. Wait about 1 minute for it to restart.
- Reconnect to the WS1-Connector VM. If prompted, enter the following credentials
- User name:
administrator - Password:
Pa$$w0rd
- User name:
- On the WS1-Connector Windows taskbar, click the Server Manager icon.
- From the menu bar, select Tools > Services.
- Verify that the AirWatch Cloud Connector service is running. The service might take up to 10 seconds to start.
- If necessary, right-click AirWatch Cloud Connector and select Start to manually start the service.
- If the service does not start, open File Explorer, navigate to C:\AirWatch\Logs\CloudConnector, and check the log file for errors.
You must set Startup Type to Automatic and not Automatic Delayed. Otherwise, the service does not start automatically.
- Close the Services window.
- Close the Server Manager window.
- Return to the Workspace ONE UEM console in Google Chrome. If you see Enhanced Data Privacy, Click More, then click Got it.
- If the Settings dialog box is closed, select Groups & Settings from the navigation pane at the top. Then, select All Settings > System > Enterprise Integration > Cloud Connector from the navigation pane on the left.
- Scroll down to the bottom of the Cloud Connector page and click Test Connection to verify connectivity.
- A successful connection returns a "Reached Cloud Connector running version 24.x..." message.
- Close the Settings dialog box.
Task 2: Configure Directory Services in Workspace ONE UEM
You configure the Directory Services integration in the Workspace ONE UEM console to bind with the Domain Controller (DC).
- On the ControlCenter VM, log in to the Workspace ONE UEM console.
- User name:
studentadmin{labid} - Password:
Pa$$w0rd
- User name:
- In the upper-right corner of the console, click the drop-down menu with your administrator name and verify that Student{labid} organization group is selected from the Organization Group drop-down menu.
- In the navigation pane at the top, select Groups & Settings. Then, select All Settings > System > Enterprise Integration > Directory Services.
- Verify that Current Setting is set to Override.
- Click Skip wizard and configure manually.
- On the Server tab, configure your server information with the following, and leave the default value for any setting not specified here.
| Option | Action |
| Directory Type | Select LDAP - Active Directory from the drop-down menu. |
| DNS SRV | Click Disabled. |
| Server | Enter controlcenter.omnissatraining.com in the text box. |
| Encryption Type | Click None. |
| Port | Enter in the 389 text box. |
| Protocol Version | Enter in the 3 text box. |
| Use Service Account Credentials | Click Disabled. |
| Bind Authentication Type | Click GSS-NEGOTIATE. |
| Bind Username | Enter administrator in the text box. |
| Bind Password | Enter Pa$$w0rd in the text box, after clicking the CHANGE button. |
| Domain | Delete defaultDomain and enter omnissatraining.com in the text box. |
| Server | The text box autofills controlcenter.omnissatraining.com after you click inside it. |
- Click Test Connection to verify connectivity. A Connection successful message appears.
- Click x in the upper-right corner to close the Text Connection dialog box.
- Click Save.
- Click the User tab and configure the settings.
- Under Base DN, click the plus (+) sign icon next to the text box. The Available Base DNs drop-down menu appears.
- From the Available Base DN drop-down menu, select DC=omnissatraining,DC=com.
- Click Save.
- Click the Group tab and configure the settings.
- Under Base DN, click the plus (+) sign icon next to the text box. The Available Base DNs drop-down menu appears.
- From the Available Base DNs drop-down menu, select DC=omnissatraining,DC=com.
- Click in the Settings dialog box to close the Available Base DNs drop-down menu.
- Delete organizationalUnit and enter
Containerin the Organizational Unit Object Class text box. - Click Advanced to expand and display additional controls.
- Make sure the Auto Sync Default and Auto Merge Default check boxes are checked.
Enabling these settings automatically adds or removes users in Workspace ONE UEM configured user groups based on their membership in your directory service and automatically applies synchronization changes without requiring an administrator's approval.
- Scroll down to the Attribute and Mapping Value columns.
These columns show the mapping between the Workspace ONE UEM user attributes on the left and your directory service attributes on the right. By default, these attributes are those values most commonly used in the Active Directory. You update these mapping values to reflect the values used for your own integration.
- Click the Edit (pencil) icon next to the Organizational Unit text box.
- Delete ou and enter
cnin the Organizational Unit text box. - Click Save.
- Scroll down and click Test Connection to verify the configuration.
You might have to refresh the page and attempt the test connection after the page has refreshed.
- Close the Test Connection dialog box.
- Close the Settings dialog box.
Task 3: Import a User Group
You use the Workspace ONE UEM console to import a user group.
In the upper-right corner of the console, click the drop-down menu with your administrator name and verify that Student{labid} organization group is selected from the Organization Group drop-down menu.
- In the navigation pane at the top, select Accounts. Then, under Users, select Users Groups.
- From the Add drop-down menu, select Add User Group.
- Next to External type, click Organizational Unit.
- Verify that DC=omnissatraining,DC=com is entered in the Group Base DN text box. The attribute must not contain any spaces.
- In the Search Text text box, enter
usersand click Search. The page refreshes and displays additional items. - Select Users from the Group Name search result list.
- Leave the default values for the other settings and click Save.
The page refreshes and you are back to the User Groups list view page. You now see the new user group called Users.
When you import a user group, you add your existing directory service groups into the Workspace ONE UEM console. The addition does not immediately create the Workspace ONE UEM user accounts for each of your directory service accounts. However, it does ensure that the Workspace ONE UEM recognizes them as belonging to a configured group, which you can use as a means of restricting who can enroll.
- Select the Users check box.
- From the More Actions drop-down menu, select Add Missing Users. A dialog box appears asking if you wish to continue.
- To process the request, click OK.
- Click the Refresh button (or refresh the web page), and verify that the number in the Users column is greater than 0.
- Click the Edit (pencil) icon next to the Users group name. The Edit User Group page dialog box appears.
- Next to Add Group Members Automatically, click Enabled.
- Click Save.
You have successfully imported the Active Directory users into the Workspace ONE UEM console.
Task 4: Configure a service account for Windows Server enrollment
Configure a service account in the Servers OG for device enrollment.
In the upper-right corner of the console, click the drop-down menu with your administrator name and verify that Student{labid} organization group is selected from the Organization Group drop-down menu.
- In the navigation pane at the top, select Accounts. Then, select Users.
- Click the Edit (pencil) icon next to the user named ws-account.
- Expand Enrollment.
- Click on the field next to Enrollment Organization Group.
- From the dropdown, select Student{labid} / Servers.
- Click Save.
Task 5: Adding a Certificate Authority Integration Configuration
You review the certificate authority (CA) integration configured for the lab environment.
In the upper-right corner of the console, click the drop-down menu with your administrator name and verify that Student{labid} organization group is selected from the Organization Group drop-down menu.
- In the navigation pane at the top, select Groups & Settings. Then, select All Settings > System > Enterprise Integration > Certificate Authorities.
- Click on Add.
- In the Certificate Authority - Add/Edit fill in the following
- Name:
omnissatraining - Authority Type: Microsoft ADCS
- Protocol: ADCS
- Server Hostname:
controlcenter - Authority Name:
omnissatraining-CONTROLCENTER-CA - Authentication: Service Account
- Username:
Administrator - Password:
Pa$$w0rd
- Name:
- Click Test Connection.
The "Test connection" may be unsuccessful because this task only demonstrates the procedures to follow when you plan to connect to a Certificate Authority.
- Click SAVE.
- You should now see your omnissatraining certificate authority listed in the Certificate Authorities.
0 Comments
Add your comment