1. Click Groups & Settings
2. Click All Settings

1. Click System
2. Click Advanced
3. Click API
4. Click REST API
5. Select Override
6. Click +Add
7. In the new "Service" row, enter the name Identity Manager Admin
8. Select the API Key and copy it to the clipboard by using Ctrl-C

1. Click the Start button
2. Click Notepad++

1. Click File
2. Click New

Enter Ctrl-V which will paste the API Key into Notepad++

1. Click +Add
2. In the new "Service" row, enter the name Identity Manager User
3. Select the API Key and copy it to the clipboard by using Ctrl-C
4. Click Save

On a newline in Notepad++, enter Ctrl-V

1. Click Add
2. Click Admin

1. Enter your VMware Identity Manager Username.   This is the username you used to login to VMware Identity Manager in a previous step.  
2. Enter VMware1! in the "Password" field
3. Enter VMware1! in the "Confirm Password" field
4. Enter your First Name in the "First Name" field
5. Enter your Last Name in the "Last Name" field
6. Enter your Email Address in the "Email Address" field
7. Click on the Roles tab

1. Click in the "Organization Group" field and select your Organization Group
2. Click in the "Role" field and select Console Administrator
3. Click on the API tab

1. Click the Certificates tab
2. Enter VMware1! in the "Certificate Password" field
3. Click Save

1. Click Accounts
2. Click Administrators
3. Click List View
4. Click on the Edit Icon

1. Click the API tab
2. Enter VMware1! in the "Certificate Password" field
3. Click the Export Client Certiifcate button, then click OK on the Save File pop-up
4. Click Save

1. Click Groups & Settings
2. Click All Settings

1. Click System
2. Click Enterprise Integration
3. Click VMware Identity Manager
4. Click Enable

1. Click Export
2. The "Save File" dialog will pop-up, click OK

The Certificate will be saved in the "Downloads" folder.

Click on the "VMware Workspace One" tab

1. Click Identity & Access Management
2. Confirm that the Directory and Users have been synced.

1. Click Identity Providers
2. Click Built-in

1. Scroll down the window until you find "Mobile SSO for iOS".
2. Click on the gear icon

1. Check the "Enable KDC Authenticatoin
2. Click Select File
3. Select the "Downloads" folder
4. Select the "VidmAirWatchRootCertificate.cer" file
5. Click Open
6. Click OK in the confirmation dialog box

1. Confirm the Certificate was uploaded.
2. Click Save

1. Click Identity & Access Management
2. Click Setup

1. Click AirWatch
2. Click Upload Certificate

1. Click Downloads in the left pane
2. Select the certificate download from the AirWatch console.
3. Click Open

1. Enter https://hol.awmdm.com into the AirWatch API URL field
2. Enter VMware1! in the Certificate Password field
3. Paste the Admin API Key from Notepad++ into the AirWatch Admin API Key (the first value in Notepad)
4. Paste the Admin Enrolled User API Key from Notepad++ into the AirWatch Enrolled User API Key (the second value in Notepad)
5. Enter your AirWatch Group ID into the AirWatch Group ID field - See the Lab Guidance chapter at the beginning of the lab if you don't know how to find this.
6. Click Save

1. Scroll to the bottom of the Settings page
2. Select Enable in the "User Password Authentication through AirWatch" section
3. Click Save

In the "Unified Catalog" section, do the following:

1. Select Enable
2. Click Save

1. Click Identity & Access Management
2. Click Policies
3. Click default_access_policy_set

Select the + icon to configure a new policy.

1. Select ALL RANGES in the Network Range dropdown
2. Select iOS in the device type dropdown
3. Select Mobile SSO (for iOS) from the Authentication Method dropdown
4. Confirm that the "Re-authenticate" time is 8 hours
5. Click OK

1. Move the new Policy Rule to the top by clicking on the double arrow icon and dragging it to the top of the list
2. Click Save

Click on the "+" sign to add a new rule

1. Select ALL RANGES for the applied network ranges.
2. Select Web Browser in the 2nd drop done for user client.
3. Set Authentication Method to Password (AirWatch Connector).
4. Select OK.

1. Click and drag the handle to move the Web Browser rule you just created to the 2nd in the list.
2. Click Save.

1. Click Identity Providers
2. Click Built-in

1. In the "Users" section, confirm that the check box next to "corp.local" is checked
2. In the "Network" section, check the box for "ALL RANGES"

Click the gear icon for "Password (AirWatch Connector)"

1. Confirm that "ACC Password Authentication" is enabled.
2. Click Save

Click Save

Open the Firefox settings menu by clicking on the "hamburger" menu.

Click New Private Window

In the URL field enter the address of your Identity Manager tenant.   It should be first name last name four numbers then .vmwareidentity.com.

If the configuration was done correctly you should be prompted to "Select your domain" and the "corp" domain should be shown.

Click Next

1. Enter imauser
2. Enter VMware1!
3. Click Sign in

The App Catalog in Identity Manager should be displayed.   This validates that Identity Manager was able to use AirWatch Cloud Connector to authenticate the user against Active Directory.

Close this instance of Firefox by clicking on the "X" in the upper right corner.

Click on the AirWatch tab in Firefox

If necessary, close the "Settings" page that was left open on a previous step by clicking on the X

1. Click Devices
2. Click Profiles
3. Click List View
4. Hover the mouse over Add
5. Click Add Profile

Click Apple iOS

1. Click General
2. Enter "iOS Identity KDC Cert" in the "Name" field
3. Click in the "Assigned Groups" field and a list of Groups will appear.    Click All Devices ([email protected])

Click Upload

1. Click Browse
2. Click Downloads
3. Select the KDC-root-cert.cer file by clicking on it
4. Click Open

1. Click <--> SCEP
2. Click Configure

Confirm that the AirWatch Certificate Authority is configured

1. Click Single Sign-On
2. Click Configure

1. Enter a friendly name like testsso in the "Account Name" field
2. Enter {EnrollmentUser} in the "Kerberos Principal Name" field
3. Enter VMWAREIDENTITY.COM in the "Realm" field
4. Select SCEP #1 from the "Renewal Certificate" drop down
5. Enter the VMware Identity Manager URL (https://{firstnamelastname1234}.vmwareidentity.com) int the "URL" field
6. Click on the Add button twice in the "Applications" section
7. Enter the following Bundle ID's:
   - com.apple.mobilesafari
   - com.salesforce.chatter
   - com.air-watch.appcenter
8. Click Save & Publish

Click Publish

Enroll an iOS device into your Organization Group in hol.awmdm.com.   Enroll as the Directory User user imauser with the password VMware1!.

Click Settings

1. Click General
2. Scroll down until you see "Device Management" and then click on it

Click Digital Workspace

Click More Details

You should see the single sign on account that you added in the Profile created in the previous section.

Click testsso

Verify that the Principal Name, Realm, URL Prefix Matches and Eligible App IDs are all correct.

Navigate back to the main Settings page.

1. Click Safari
2. Click Clear History and Website Data

Click the Safari icon

1. Enter the URL of your Identity Manager tenant in the URL bar.
2. Click Go

Notice that Identity Manager is signing you in without requiring any authentication.

You are now signed into Workspace One.  There are no applications visible because they haven't been added in Identity Manager or AirWatch.