Setting up AirWatch for Intergation with Identity Manager: Part 1

First off ensure you have this in place:

  • The organization group in AirWatch that you are configuring VMware Identity Manager is organization type: Customer.
  • REST API admin key for communication with VMware Identtiy Manager service and a REST enrolled user API key for AirWatch Cloud Connector password authentication are made at the same organization group where VMware Identity Manager is configured.
  • API Admin account settings and the admin auth certificate from AirWatch added to the AirWatch settings in the VMware Identity Manager admin console.
  • Active Directory user accounts set up at the asme organization group where  VMware Identity Manager is configured.
  • If end users are placed into a child organization group from where VMware Identity Manager is configured after registration and enrollment, User Group mapping in the AirWatch enrollment configuration must be used to filter users and their respective devices to the appropriate organization group.

You can find these in your AirWatch Admin console:

  • REST admin API key for communication: System -> Advanced -> API -> REST API
  • API Admin account for VMware Identity Manager and the admin auth certificate that is exported form AirWatch and added to the AirWatch settings in VMware Identity Manager.
  • REST enrolled user API key used for AirWatch Cloud Connector password authentication.

 

 

Now let’s log in to the AirWatch Admin console and navigate to:
System -> Advanced -> API -> REST API 

2017-03-28_13-38-07.png

Hit “Add

We call the first one for “AirWatchAPI for IDM” and set the “Account Type” as “Admin“.

Copy out the API key and keep it safe, keep it hidden.

This is to allow IDM and AirWatch to interact over the AirWatch REST API.

Now hit “Add” again and call the next one for “UserAPI for IDM” and set the “Account Type” as “Enrollment User“.

Now copy out the “Enrollment User“-API key  you will be adding these keys when you set up AirWatch in the VMware Identity Manager admin console.

PS: If you disable API access and re-enable it. It will generate new API keys.

 

Now we need to make an “Admin Account” and “Certificate” in AirWatch.

To achieve this you need to use the “REST API admin key” that we generated earlier.

First off

  1. In the AirWatch admin console navigate to “Global -> Customer-level organization group 
    -> Accounts -> Administrators -> List View”

 

  • Click Add -> Add Adminchrome_2017-03-28_13-50-00.png
  • In the “Basic” tab, enter the certificate admin user name and password in the required text boxes.

 

2017-03-28_13-58-37.png

4. Now select the “Roles“-tab and grant it “Console Administrator

5. Select the API tab and in the Authentication text box, select Certificates.

6. Enter the certificate password. The password is the same password entered for the admin on the Basic tab.

2017-03-28_14-13-34.png

7. Click Save. The new admin account and the client certificate are created.

8. In the List View page, select the admin you created and open the API tab again. The certificates page displays information about the certificate.

9. Enter the password you set in the Certificate Password text box, click Export Client Certificate and save the file.

10. The client certificate is saved as a .p12 file type. Keep it safe, keep it hidden.

Configure your AirWatch URL settings in the VMware Identity Manager admin console.

One thought on “Setting up AirWatch for Intergation with Identity Manager: Part 1

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s