Configuring VMware Identity Manager for Salesforce – Part 1

July 25, 2018February 13, 2019 Ulv Bjørnsson2 Comments

Now we’ll look at configuring SAML integration between VMware Identity Manager and Salesforce for Workspace ONE.

Definition: Security Assertion Markup Language (SAML). It is an open standard which enables SSO for many different services and platforms. Authenticating with SAML allows a user to log in once per session.

Here are the defining components of SAML:

Service provider (i.e. an application.)
Identity provider (who is authenticated, and what authentication methods are used.)
End user who is accessing over SAML.

User starts the SAML Application
Service Provider (SP) sends a request to the Identity Provider (IdP) for authentication
If the user is not authenticated, the IdP requests authentication from the user. (I.e. username and password)
The IdP then sends response to the SP with a token for that user.

Installing VMware Enterprise Systems Connector

July 24, 2018February 13, 2019 Ulv BjørnssonLeave a comment

Things change fast, very fast. So VMware AirWatch 9.1 is out and so is the new installer which serves as the unified connector for Workspace ONE; AirWatch, and Identity Manager.

So if you were used to installing the ACC (AirWatch Cloud Connector) or the Linux appliance vIDM (VMware Identity Manager Connector), you should know that these two products have now been tied into one and have been branded VMware Enterprise Systems Connector.

Which I think is great, as editing a Linux appliance and bash, sudo, cat, vi. Yeah, it was fun.

I’ll walk you through the installation of the VMware Enterprise Systems Connector and enterprise integration.

I’m going to VMworld 2017 Barcelona!

September 8, 2017February 7, 2018 Ulv Bjørnsson1 Comment

Trip is booked and I’m leaving on Sunday for VMworld 2017 in Barcelona, woho!

I’ll be blogging each day and I’ll try to include pictures and information for those not able to attend.

A lot of exciting sessions, I can’t wait to hear more about Horizon in the Public Clouds or the exciting breakout sessions about the Digital Workspace, Security Transformation and especially the many roundtable sessions. If you are curious about the sessions check out the tracks here.

Looking forward to meet up with many of you, and hitting up vendor booths and just theory-crafting ideas, and concepts to come.

If you are going to VMworld 2017 next week and want to meet up, hit me up on here, message me on Twitter or LinkedIn.

If nothing else make sure you’re signed up for the variety of events available after hours. If you know me you call me or mail me. You got my digits.

Stay tuned for my updates on VMworld 2017 over on Twitter @UlvBjornsson and thanks for tuning in!

VMware AirWatch PowerShell Integration for Mobile Email Management and more

August 3, 2017September 4, 2017 Ulv Bjørnsson9 Comments

AirWatch, it’s here to stay.

So let’s talk about AirWatch, Office 365 and Powershell.

Objective: To enable integration between Powershell and Office 365 to facilitate; AirWatch Mobile Email Management (MEM).

“Mobile Email Management (MEM) functionality in AirWatch delivers comprehensive security for your corporate email infrastructure by allowing only compliant users and devices to access email.”

Now to getting this up and running

The steps we will be taking are

Integrate PowerShell with AirWatch
Setting up a PowerShell Admin User
Enable Powershell Integration in AirWatch
Configure Exchange to Block or Quarantine Devices
Email Management
Cmdlets Executed by AirWatch

Installing VMware Identity Manager Connector

April 11, 2017April 27, 2017 Ulv BjørnssonLeave a comment

Hi again, and now we’ll go through how you install a VMware Identity Manager Connector.

First off with the prerequisites and some data you need to have to proceed through this guide:

You will need:

VMware Identity Manager-tenant
OVA-file (the VMware Identity Manager Connector software)
Set up a DNS record
Service Accounts: for binding to LDAP and domain joining the Connector
Connector activation code (which we gather from our VMware Identity Manager-tenant)

Setting up AirWatch for Integration with Identity Manager: Part 2

March 28, 2017April 27, 2017 Ulv BjørnssonLeave a comment

Configure AirWatch settings in VMware Identity Manager to integrate AirWatch with VMware Identity Manager and enable the AirWatch feature integration options. The AirWatch API key and the certificate are added for VMware Identity Manager authorization with AirWatch.

Now if you are just jumping into this series, you need to know that you require to have this in place to complete the steps outlined here. If you haven’t you can check out Part 1.

AirWatch server URL that the admin uses to log in to the AirWatch admin console.
AirWatch admin API key that is used to make API requests from VMware Identity Manager to the AirWatch server to setup integration.
AirWatch certificate file used to make API calls and the certificate password. The certificate file must be in the .p12 file format.
AirWatch enrolled user API key.
AirWatch group ID for your tenant, which is the tenant identifier in AirWatch.

Setting up AirWatch for Intergation with Identity Manager: Part 1

March 28, 2017April 27, 2017 Ulv Bjørnsson1 Comment

First off ensure you have this in place:

The organization group in AirWatch that you are configuring VMware Identity Manager is organization type: Customer.
REST API admin key for communication with VMware Identtiy Manager service and a REST enrolled user API key for AirWatch Cloud Connector password authentication are made at the same organization group where VMware Identity Manager is configured.
API Admin account settings and the admin auth certificate from AirWatch added to the AirWatch settings in the VMware Identity Manager admin console.
Active Directory user accounts set up at the asme organization group where VMware Identity Manager is configured.
If end users are placed into a child organization group from where VMware Identity Manager is configured after registration and enrollment, User Group mapping in the AirWatch enrollment configuration must be used to filter users and their respective devices to the appropriate organization group.

You can find these in your AirWatch Admin console:

REST admin API key for communication: System -> Advanced -> API -> REST API
API Admin account for VMware Identity Manager and the admin auth certificate that is exported form AirWatch and added to the AirWatch settings in VMware Identity Manager.
REST enrolled user API key used for AirWatch Cloud Connector password authentication.

Integrating AirWatch with Active Directory

March 28, 2017April 27, 2017 Ulv Bjørnsson1 Comment

We are going to connect your AirWatch environment with your Active Directory. We will be using the Directory Services page to configure the settings that let you integrate your AirWatch server with your organization’s domain controller (the server hosting your directory services system).

The scenario outlined in this tutorial assumes that you already have the following items:

Active Directory
AirWatch

Installing and configuring the AirWatch Cloud Connector

March 16, 2017April 27, 2017 Ulv BjørnssonLeave a comment

First we will install the AirWatch Cloud Connector (ACC) by enabling it in the AirWatch Admin Console and then we download and run the installer file onto the server that will host the service.

Installing the AirWatch Cloud Connector (ACC) includes the following tasks:

Enable the ACC in the AirWatch Admin Console
Generate the certificate that will be used for communication between the ACC and the AirWatch environment.
Configure the ACC with the services we will be using.
Download the ACC installer and install it.
Verify that the installation was successful, and that communications pass between the AirWatch SaaS to the ACC, and the ACC to the AirWatch SaaS.

musings of a consultant

Category: VMware