1. Set Proxy (Windows & Linux) to Disabled
2. Set Per-App Tunnel (Linux Only) to Enabled
3. Select Basic from the drop down.
4. Click Next to continue

In this page you will need to fill in the Host Names, URLs and Ports that correspond to the specific server(s) assigned to you for this workshop.

1. Enter a hostname. NOTE: This value can be any fully qualified domain name as it will not be directly accessed by the device.
2. Enter 8443 in the Port field for Per App Tunneling
3. Click Next

1. Click Next

1. Set the Per-App Tunnel Authentication setting to Default
2. Click Next

1. Click "+" to add a new profile
2. Select Android as the platform from the drop down menu.
3. Select Create new profile as the action from the drop down menu.
4. Type in a name for the profile that will be created i.e. "Android SSO"
5. Click Next to continue.

This will create a profile in the Devices > Profiles > List View page that is assigned to "All Devices" Assignment Group with the Deployment method set to "On-Demand".

1. Set the Access Logs option to Disabled
2. Set the NSX Communications option to Disabled
3. Click Next to continue

1. Confirm Configuration Details. Click Save

2. Click the Advanced tab

1. Scroll down to the Authentication Sub-heading for Per-App Tunneling
2. Select "Export Certificate"
3. "Save File" to your the Downloads folder
4. Click "Ok"

Click "Add Version" to make changes to the profile

1. Change Assignment Type from On Demand to Auto
2. Enter "All Devices ([email protected])" in Assigned Groups
3. Click Save & Publish

1. Set Platform to Android
2. Set Source to Enter URL
3. Open a New tab in your Browser
4. Navigate to https://play.google.com

1. Open a new tab in Firefox
2. Go to "play.google.com"
3. Enter "Salesforce" in the search bar
4. Click the Salesforce1 application
5. Highlight the URL, right click, select Copy
6. Click the AirWatch Console tab

1. Enter URL, right click, select Paste
2. Click Next

1. Enter "Salesforce1" in the Name field
2. Click Assignment tab to continue

1. Select "All Devices ([email protected])" for the Assigned Groups
2. Click Deployment tab to continue

1. Set Push Mode to Auto
2. Enable checkbox to "Use VPN"
3. Select "Android SSO" from the Per-App VPN Profile list
4. Click Save & Publish

Click Publish

1. Click System
2. Click Enterprise Integration
3. Click AirWatch Tunnel
4. Click Network Traffic Rules
5. Set the Default Action from Tunnel to "Bypass"
6. Click "Save"

1. Click "+ Add" to add an application to the Rule
2. Set the Action to "Proxy"
3. Enter HTTPS Proxy: "certproxy.vmwareidentity.com:5262"
4. Enter your Workspace ONE tenant hostname in the Destination Hostname field (i.e. firstNameLastName.vmwareidentity.com)
5. Click "Save"
6. Click "Publish Rules"

Enter 4 Digit Security PIN to confirm Publish Rules

1. Enter your username in the "username" field.   Your VMware Identity Manager username is in the email that was sent to you when you started the lab.
2. Enter your password in the "password" field.   This is the password you set earlier in the lab when you clicked on the link in the email.
3. Click Sign in

1. Go to Identity & Access Management
2. Click on Identity Providers
3. Select the Built-In adapter

1. Scroll down until you see "Mobile SSO (for Android)" in the Authentication Methods section
2. Click the gear icon

1. Check the box to "Enable Certificate Adapter"
2. Click "Select File" next to Root and Intermediate Certificates
3. Navigate to Downloads
4. Select "TunnelDeviceRoot.cer"
5. Click "Open"
6. Click "Save"

After save, confirm status for Mobile SSO (for Android) is "Enabled"

Complete the following steps if you have not done so in earlier sections of the lab. Ensure that Salesforce has been added to the Catalog in Workspace ONE.

1. Enter "Salesforce" for the Policy Name
2. Click "Select" to choose the applications the policy will apply to

1. Check the box to select Salesforce
2. Click Save

Note: If you do not see the application in the list of available apps. Go to Catalog. Select "Add Application" , select "...from the cloud application catalog". Scroll down to the Salesforce App and select.

1. Under Policy Rules click the "+" to add new policy
2. Select "ALL RANGES" for Network Range
3. Select "Android" for where the user is accessing from
4. Select "Mobile SSO (for Android)" for the Authentication method
5. Click OK
6. Click Save on the Salesforce Access Policy

Confirm the Salesforce policy saves successfully

1. Select Server Details

1. Enter "hol.awmdm.com" in the hostname field
2. Enter the groupID assigned to you at the beginning of the workshop
3. Click "Continue"

1. Enroll the device to the "imauser" account added earlier
2. Enter "VMware1!" in the Password field
3. Click Continue

Click Continue

Click Continue

Click Activate

Click Continue

Click Continue

1. Click "Play Store"
2. Click "Install"
3. Return to the AirWatch Agent to complete enrollment

Click Exit

After enrollment is completed, ensure all managed profiles and applications are downloaded.

1. Launch the application on your device.
2. Click "OK" to Accept the Connection Request
3. Return to the home screen

1. Launch Salesforce1 Application
2. Click "I Agree" to accept the User Agreement

1. Select "Use Custom Domain"
2. Type in your custom domain name "yourDomain-dev-ed.my.salesforce.com"
3. Click Continue

1. Select "corp.local" domain
2. Click "Next"

Confirm that your login is successful using the Mobile SSO (for Android) adapter.