AirWatch Hands-on LabsInternal Challenge LabsTM-HOL-CHLG-1900Lab GuidanceReview Your Access Policy Configuration in Workspace ONE Access

Review Your Access Policy Configuration in Workspace ONE Access

In the previous section, you configured the integration between your Workspace ONE Access tenant and your Workspace ONE UEM tenant by using the Getting Started wizard in the Workspace ONE UEM console.  The Getting Started wizard generates an API Admin key, an API Enrollment User API key, and an API certificate.  These API keys and certificates are used to establish a secure connection between Workspace ONE Access and Workspace ONE UEM and are linked by your Workspace ONE UEM Group ID.

If you do not use the Getting Started Wizard, you would need to generate these API certificates and keys manually and supply the information in the Workspace ONE Access tenant.

To showcase where these configurations would need to be made manually and to confirm that the Getting Started wizard created the secure connection for you, you will navigate to the Setup section in Workspace ONE Access for review.

1. Validate the Workspace ONE UEM Integration

In your Workspace ONE Access Tenant,

  1. Click on Identity & Access Management
  2. Click on Setup
  3. Click AirWatch
  4. Validate that the API URL, REST API Certificate, Admin API Key, Enrolled User API Key, and Group ID fields are populated
    NOTE: You can find your Group ID by hovering over your organization group name in the Workspace ONE UEM Console!

If you did not use the Getting Started wizard, these values would need to be retrieved from the Workspace ONE UEM console and entered here manually.  To reduce complexity and eliminate erroneous input, you utilized the Getting Started wizard to configure these automatically.

NOTE: The Admin and Enrolled User API Keys will be unique each time, so they may not match

2. Updating the Workspace ONE UEM Configuration

  1. Scroll down to the bottom of the Workspace ONE Configuration section.
  2. After any changes are made here, you would need to manually save them by clicking Save.  
    NOTE:     You can find your Group ID by hovering over your organization group name in the Workspace ONE UEM Console!
  3. A pop-up will confirm if the configuration was saved successfully.

3. Configure the Workspace ONE App Catalog

4. Enable Compliance Check and Workspace ONE User Password Authentication

5. Change Default Access policy in Access

  1. Change the default Access policy to allow Authentication via the ACC
  2. Change this for Web Browser and for Workspace ONE app or Hub App   
  3. Users will need to authenticate to the with their UEM password, then fallback to Local Directory

6. Return to the Workspace ONE UEM Console

For the next steps, we will return to the Workspace ONE UEM Console. Click the Workspace ONE UEM tab, which should be the first tab, on your browser to return to the Workspace ONE UEM Console Login page.

0 Comments

Add your comment

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.