Create and Configure the VMware Identity Manager Connector

Installing the VMware Identity Manager Connector:

The VMware Identity Manager Connector is an on-premises component of Workspace ONE Access that provides directory integration, user authentication, and integration with resources such as Horizon 7.  The VMware Identity Manager Connector is deployed in outbound connection mode and does not require inbound port 443 to be opened.  The VMware Identity Manager Connector communicates with Workspace ONE Access through a websocket-based communication channel.

In the interest of time, you initiated a task at the beginning of this lab that runs the VMware Identity Manager Connector installer for you.  After the installation completes, you will configure the VMware Identity Manager Connector to integrate it with your Workspace ONE Access tenant and to configure SSL.  The connector installs with a self-signed certificate that you will replace with a wildcard certificate.

The VMware Identity Manager Connector installer is a simple install that requires minimal input to complete.  If you wish to view the official VMware documentation for installing the VMware Identity Manager Connector, please reference this article.

The following VMware Identity Manager Connector installer configurations were made on your behalf in the interest of time:

  1. The latest major JRE version has been installed.
  2. The connector hostname was configured as conn-01.corp.local over port 443.  
    NOTE: Only port 443 is supported for VMware Identity Manager Connector.
  3. The connector was configured to run as a domain user account (CORP\administrator).
    NOTE: A Domain user account is required if you wish to connect Active Directory over Integrated Windows Authentication or use Kerberos authentication.
  4. The default destination folder (C:\VMware\) was used.

Continue to the next step when you are ready to begin configuring your local VMware Identity Manager Connector.

1. Add a Legacy Connector in Workspace ONE Access

This Hands-on Lab is using the Legacy Connector (19.03), so you will need to add a Legacy Connector instead of the new 20.01 connector.

  1. Click Identity & Access Management
  2. Click Setup
  3. Click Legacy Connectors
  4. Select Use legacy connectors
  5. Click OK

2. Add a Legacy Connector


After the page refreshes, click Add.

3. Generate the Connector Activation Code

  1. Enter Lab for the Connector ID Name
  2. Click Generate Activation Code

3.1. Copy the Connector Activation Code

  1. Double-click the Connector Activation Code textbox to select the activation code
  2. Right-click and click Copy
  3. Click OK

3.2. Confirm the Connector is Created

When the Connectors page loads, you will see that the Lab connector you created now exists but the hostname shows Connector not activated.

The Connector Activation Code you copied in the previous step will be supplied to your locally installed VMware Identity Manager Connector to activate and integrate the service with the Lab connector you just created.  Until the Connector Activation Code is supplied, this connector will be inactive.

4. Activate the Connector

To activate the locally installed VMware Identity Manager Connector, you need to connect to the connector setup page.  The setup page is available at {hostname}:8443/cfg, where {hostname} is the value you provided during the VMware Identity Manager Connector installer (already configured as conn-01.corp.local for you).

In Google Chrome,

  1. Click the WS1 bookmark folder
  2. Right-click the Conn-01 Setup bookmark
  3. Click Open in new tab

This bookmark has been pre-set for your convenience to navigate to the VMware Identity Manager Connector setup page, which is available at https://conn-01.corp.local:8443/cfg.

4.1. Accept the SSL Certificate Error

  1. Click the tab you just opened
  2. Click Advanced
  3. Click Proceed to conn-01.corp.local (unsafe)

Why am I seeing an SSL Certificate issue for this page?
This is because the VMware Identity Manager Connector installs with a self-signed certificate when the installer completes.  We have not yet configured an SSL certificate for you so that you can complete this step yourself to learn the process.  Because the self-signed certificate does not match our host (conn-01.corp.local), you see this SSL certificate error.

NOTE: If you do not see the page load, then the VMware Identity Manager Connector Installer has not finished and launched the connector service.  Wait a few moments and then refresh the page and try again.

4.2. Create the Appliance Administrator Account Credentials

First you will configure the Appliance Administrator Account (admin) for future logins.  You will need to provide these appliance administrator credentials to modify the appliance.

  1. Enter VMware1! for the password
  2. Enter VMware1! to confirm the password
  3. Click Continue

4.3. Paste the Activation Code

  1. Right-Click inside the Activation Code textbox and click Paste to paste the Activation Code copied from the previous step when creating the "Lab" Connector from the Workspace ONE Access Console
  2. Click Continue

NOTE: While the page loads and refreshes, DO NOT close or manually refresh the page until you see the Setup is Complete screen shown in the next step!  It may take several minutes for the appliance to confirm the activation code.

4.4. Supply the Outbound Proxy Information (IF NEEDED)

IMPORTANT: If prompted for the Outbound Proxy, follow the below steps.  If you are not prompted for this information, skip to the next step.

The Hands-on Labs infrastructure requires an outbound proxy to reach your SaaS Workspace ONE Access tenant, so you will configure that now.  If your environment does not have an outbound proxy, you would not need to confirm these settings.

  1. Click Enable for Proxy
  2. Enter router-110.corp.local:3128 for the Proxy host with port
    NOTE: If you do have an outbound proxy, note that the Proxy host MUST be a hostname and cannot be configured with an IP address!
  3. Enter *.corp.local for the Non-Proxied hosts list
  4. Click Continue

NOTE: While the page loads and refreshes, DO NOT close or manually refresh the page until you see the Setup is Complete screen shown in the next step!  It may take several minutes for the appliance to confirm the activation code.

4.5. Confirm the Setup Completed

When the configuration has saved successfully, you will see the Setup is complete page.  

Continue to the next step when this screen is displayed.

5. Configure the Connector SSL Certificate

  1. Click the WS1 Bookmark folder
  2. Click the Conn-01 SSL Configuration bookmark

Now that the Connector is activated, you will need to configure the SSL certificate.  This can be configured at the following URL, which has been bookmarked for your convenience: https://conn-01.corp.local:8443/cfg/ssl.

5.1. Login to the Appliance (IF NEEDED)

If prompted, log in to the Connector appliance using the credentials you configured during setup.

  1. Enter VMware1!
  2. Click Login

NOTE: If you are not prompted to log in, continue to the next step.

5.2. Import the Certificate File

You will now supply a trusted wildcard certificate.

  1. Click the Server Certificate tab
  2. Select Custom Certificate for SSL Certificate
  3. Click Choose File for the Import Certificate File

5.3. Select the PFX File

  1. Click Documents
  2. Click HOL
  3. Click Workspace ONE Access
  4. Click corp.local.wildcard.pfx
  5. Click Open

5.4. Provide the PFX Password

Because a PFX is provided rather than a PEM certificate with a private key file, you will need to enter the password for the PFX file.

  1. Enter VMware1! for the password
  2. Click Save

NOTE: After clicking save, the certificate will be installed and the server will be restarted. DO NOT manually refresh or navigate away from the page while this completes!  This process may take a few minutes.

Once the loading wheel disappears, continue to the next step.

5.5. Login to the Appliance (IF NEEDED)

If prompted, log in to the Connector appliance using the credentials you configured during setup.

  1. Enter VMware1!
  2. Click Login

NOTE: If you are not prompted to log in, continue to the next step.

6. Update Proxy Configuration

The page will automatically refresh once the SSL configuration is saved and applied.

  1. Click Proxy Configuration.
  2. Select Enable for the Proxy setting.
  3. Enter router-110.corp.local:3128 for the proxy host with port.
  4. Enter *.corp.local for the Non-Proxied hosts.
  5. Click Save.

6.1. Close Connector Configuration Page

  1. Wait until you see the Checking if server is up ... 1/10 line output to the console.  You will be closing this window to confirm that the SSL certificate applied successfully, so you will not wait for this page to refresh.
  2. Click Close on the current tab once the Checking if server is up ... 1/10 line is output.

7. Confirming the Connector SSL Certificate Install

You will now navigate to the connector page in an incognito browser to confirm the SSL certificate was applied.

  1. Click the Options (...) button in Google Chrome
  2. Click New incognito window

7.1. Return to the Connector Appliance page

  1. Click the WS1 bookmark folder
  2. Click the Conn-01 SSL Configuration bookmark

7.2. Confirm the SSL Certificate is Trusted

  1. Click the Secure link next to the address
  2. Confirm that you see the connection is secure and that the Certificate is trusted and marked as valid
  3. Click Close to close the incognito session

You have now configured the SSL certificate for your Connector!
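
A scripted equivalent of the browser check in 7.2, added here as an example and not part of the original lab: it connects to the connector's configuration port and reports whether the served certificate chains to a trusted root and covers the hostname. It assumes Python 3 on a machine whose trust store contains the issuer of the wildcard certificate; the function names are illustrative.

```python
import socket
import ssl


def wildcard_covers(pattern: str, host: str) -> bool:
    """True if a certificate DNS name (possibly '*.domain') covers host.

    A wildcard stands for exactly one left-most label, so '*.corp.local'
    covers 'conn-01.corp.local' but not 'corp.local' or 'a.b.corp.local'.
    """
    p = pattern.lower().rstrip(".")
    h = host.lower().rstrip(".")
    if not p.startswith("*."):
        return p == h
    first, _, rest = h.partition(".")
    return bool(first) and rest == p[2:]


def check_endpoint(host: str, port: int = 8443, timeout: float = 5.0) -> dict:
    """Handshake with full verification and summarise the result."""
    ctx = ssl.create_default_context()  # verifies chain and hostname
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                cert = tls.getpeercert()
    except ssl.SSLCertVerificationError as exc:
        # Typical while the self-signed certificate is still being served.
        return {"trusted": False, "reason": exc.verify_message}
    except OSError as exc:
        # Service still restarting after the certificate was saved.
        return {"trusted": False, "reason": f"not reachable: {exc}"}
    names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    return {
        "trusted": True,
        "names": names,
        "covering": [n for n in names if wildcard_covers(n, host)],
        "not_after": cert["notAfter"],
    }


if __name__ == "__main__":
    # Hostname and port are the lab's values from the steps above.
    print(check_endpoint("conn-01.corp.local", 8443))
```

A result with "trusted": False and a self-signed reason means the connector is still presenting the installer's certificate, which is the case section 7.3 addresses.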

7.3. Restart the VMware IDM Connector Service (IF NEEDED)

If the certificate successfully updated, continue to Verify the Connector Activated.  If the VMware Identity Manager Configuration page is still presenting the old certificate (conn-01.corp.local), you can manually restart the VMware IDM Connector service to apply this change.

 

Double-click the Conn-01.rdp link on the Main Console desktop.

  1. Click the Windows Services shortcut on the task bar.
  2. Scroll down to find the VMware IDM Connector service.
  3. Right-click the VMware IDM Connector service.
  4. Click Restart.
  5. Click Close (X) on the remote desktop connection bar for the conn-01.corp.local server to return to the main console.

Once the service restarts, you can navigate back to the Connector configuration page (https://conn-01.corp.local:8443/cfg/) to confirm the cert applied successfully on a restart.

NOTE: After you navigate back to the Connector configuration page, it may take a minute or two for the page to load, because the VMware IDM Connector service serves this page and will still be coming back online after the restart.  If so, wait a minute or two and reload the page to see if the service is back online.

8. Verify the Connector Activated

Return to the Workspace ONE Access Admin Console tab,

  1. Click the Refresh button in the browser
  2. Click Identity & Access Management
  3. Click Setup
  4. Click Legacy Connectors
  5. Confirm that the Lab Connector now shows the Hostname as conn-01.corp.local.

This confirms that you have successfully set up and installed the VMware Identity Manager Windows Connector!

 
