Monday, September 30, 2019

Enabling Password (Cloud Deployment) Auth Method in Workspace ONE Access

In our current configuration, when we try to authenticate as a user in Workspace ONE Access it will probably fail. This is because we don't yet have an authentication method available to users that is able to authenticate them successfully.

The simplest way to do this is to enable Password (cloud deployment) so that our users are able to authenticate with their Active Directory credentials using the Identity Manager Connector we installed and configured. What's great about this method is that it's outbound, meaning that a user authentication request never comes inbound, so no inbound firewall rules are required.

Let's look at how to configure this authentication method and set up our default access policy to use it.

Integrating Workspace ONE UEM and Workspace ONE Access

So you've got your Airwatch Cloud Connector installed and configured and you have your Identity Manager Connector installed and configured, but right now Workspace ONE UEM and Workspace ONE Access are not talking to each other.

We need to configure this integration so that we can start enrolling devices, using Workspace ONE Intelligent Hub, Unified App Catalog and Mobile SSO.

Luckily, this process is pretty straightforward. The wizard that does this integration works well and does all the heavy lifting.

Let's check out the process.

Installing Airwatch Cloud Connector and Configuring Directory Services in Workspace ONE UEM

Welcome to the first installment to my end-to-end lab and Testdrive Sandbox configuration series.

In this post we'll look at installing the Airwatch Cloud Connector (ACC) and integrating with your On-Premises Active Directory.

I do get asked fairly often why you would use the ACC and Active Directory if you're using SAML authentication with Identity Manager, Azure AD, Okta, etc. Although in this article I won't cover SAML integration, I'll point out why we still recommend full directory integration.

Firstly, it allows users to authenticate securely with their directory credentials. It also pre-populates all the required user metadata in the console (email address, UPN, immutableID, phone number, etc.). Using SAML without directory integration would mean the user gets created in Workspace ONE UEM via SAML JIT provisioning, so the rest of those attributes won't be brought in. The other main reason we recommend this is so that administrators can use Active Directory groups as Assignment Groups in Workspace ONE UEM. As an example, you could assign a policy or application to your HR department if that group exists in AD. If you don't have these groups, you would need to go into the Workspace ONE Console manually and assign the configurations to those users one by one.

The ACC also facilitates integration with on-premises Certificate Authorities, Syslog servers and SMTP services (amongst other things).

So, back to the actual configuration.

Using Google Cloud Identity Secure LDAP with Workspace ONE

Most of my posts on this blog have been about how to integrate other identity solutions with Workspace ONE. However, the thing that all of these typically had in common was that they were synchronised with an On-Premises Active Directory.

This works well, but what happens when a customer has no On-Premises AD or is trying to get away from using one?

About a year ago, Google announced their Cloud Identity Premium product, which included a preview of LDAP connectivity. I played around with it then and it was good, but for our purposes I could never get it to work - it requires the client service to use certificates to authenticate, which is something that Workspace ONE doesn't support.

Recently a few customers have been asking whether there were ways to use Google directories within Workspace ONE other than Just-In-Time provisioning, and seeing that Secure LDAP from Google was now Generally Available globally, I thought I'd give it another look.

Turns out I was able to get it to work! Read on to find out how, with some help from my colleagues, I got it all integrated.

Thursday, September 26, 2019

Installing Identity Manager Connector and Configuring Directory Services in Workspace ONE Access


In this article we're going to talk about installing the VMware Identity Manager Connector in your environment to allow you to connect to your On-Premises Active Directory. This connector also has a few other purposes, like providing additional inbound authentication methods and the ability to synchronise Horizon applications and desktops.

We're just going to go through installation and configuring synchronisation with Active Directory in this article. I'll cover the rest in a later post.