Category: Workspace ONE

  • Notes from the field: VMware Access Kerberos integration and Office 365

    Okay let’s say you have your setup for VMware Access nicely configured with your directory search attribute configured as userPrincipalName because that’s the modern way with all cloud services etc. and configured your inbound Kerberos authentication through the IDP of the Access connector. Everyone is happy and all is working well with external connections, internal…

  • Notes from the field: VMware Workspace ONE UEM and Android Zero Touch

    On a recent project we were implementing Android Zero Touch for out-of-the-box enrollment through WS1 UEM. For a detailed explanation of what Android Zero Touch is, take a look at the following URL: Zero-touch enrollment for IT admins – Android Enterprise Help. When the Zero Touch Portal is enabled through the reseller and…

  • Notes from the field: VMware Access with VMware UAG and JWT validation

    It’s been a while since I’ve retested the setup with validating gateway requests with JWT entries, because I thought it was depending on an appliance such as F5 for it to work. See Launching Horizon Resources Through Validating Gateways (vmware.com). I did try and configure it nonetheless but never got it farther than…

  • Notes from the field: VMware Access Roles and RBAC bug

    On recent projects we were configuring RBAC roles in VMware Access Cloud and stumbled across something annoying which turned out to be a bug. The issue is that when you assign the RBAC roles through super admin, read only admin and directory admin that once added you can’t delete or re-add the same group, it…

  • Notes from the lab: VMware UAG 2106 and Admin SAML

    VMware introduced SAML login capabilities for the admin facing side of UAG with version 2106. See the following article: Release Notes for VMware Unified Access Gateway 2106. This quick home lab blog shows how easy it is and how to integrate this with VMware Workspace ONE Access as your entry point. First things first, before…

  • Notes from the field: VMware Access connector support LDAP Signing and Channel Binding

    Quite recently I’ve encountered a random synchronization error that VMware Access connector could not synchronize and would error out with the following error: “Connector communication failed because of invalid data: The specified Bind DN and password could not be used to successfully authenticate against the directory”. At first I stumbled upon the known issues list:…

  • Notes from the field: Configuring SentinelOne SSO with VMware Workspace ONE Access

    SentinelOne’s configuration can be achieved after you have a valid account and support login. Afterwards it’s pretty easy to configure the SSO part. In the cloud console of SentinelOne go to Settings>>Integrations>>SSO. Configure the following items for SSO usage: IDP Redirect URL: https://workspaceoneaccessurl:443/SAAS/API/1.0/GET/apps/launch/app/uniqueapplicationid IssuerID: https://workspaceoneaccessurl/SAAS/API/1.0/GET/metadata/idp.xml Configure the rest of the items at your own requirements…

  • Notes from the field: Configuring Autotask PSA with VMware Workspace ONE Access

    Autotask PSA SSO configuration can be found at the following url: https://ww13.autotask.net/help/Content/AdminSetup/1FeaturesSettings/ResourcesUsers/Security/SSSO_OIDC.htm For the configuration part of Workspace ONE Access SSO you can see the available API at this url: https://code.vmware.com/apis/57/idm#/ The problem is that Autotask PSA SSO doesn’t work with/support the setup of VMware Workspace ONE Access. I worked around this issue by having a…

  • Notes from the field: Configuring OpsGenie (without Atlassian Access) with VMware Workspace ONE Access

    OpsGenie can use SAML SSO without the use of Atlassian Access, see the following url: https://docs.opsgenie.com/docs/single-sign-on-with-opsgenie For the configuration part of Workspace ONE Access just add a new manual SAML 2.0 application and provide the following information according to the above article: Single Sign On URL https://app.opsgenie.com/auth/saml?id=”uniquesamlidprovided Recipient URL https://app.opsgenie.com/auth/saml?id=”uniquesamlidprovided Application ID https://app.opsgenie.com/auth/saml?id=”uniqesamlidprovided Username Format =…

  • Notes from the field: Configuring Atlassian Access with Workspace ONE Access

    Atlassian Access is the SSO portal being used for SSO access across Jira, Confluence etc. For the configuration part, see the following url: https://confluence.atlassian.com/cloud/saml-single-sign-on-943953302.html For the configuration part of Workspace ONE Access just add a new manual SAML 2.0 application and provide the following information according to the above article: Single Sign On URL https://auth.atlassian.com/login/callback?connection=saml”uniquesamlidprovided Recipient…