REVIEWERS GUIDE NOVEMBER 2017 REVIEWER S GUIDE FOR CLOUD-BASED VMWARE WORKSPACE ONE: MOBILE SINGLE SIGN-ON. VMware Workspace ONE

Similar documents
INTEGRATING OKTA: VMWARE WORKSPACE ONE OPERATIONAL TUTORIAL VMware Workspace ONE

MANAGING ANDROID DEVICES: VMWARE WORKSPACE ONE OPERATIONAL TUTORIAL VMware Workspace ONE

VMware Workspace ONE Quick Configuration Guide. VMware AirWatch 9.1

CONFIGURING AD FS AS A THIRD-PARTY IDP IN VMWARE IDENTITY MANAGER: VMWARE WORKSPACE ONE OPERATIONAL TUTORIAL VMware Workspace ONE

REVISED 6 NOVEMBER 2018 COMPONENT DESIGN: VMWARE IDENTITY MANAGER ARCHITECTURE

CONFIGURING BASIC MACOS MANAGEMENT: VMWARE WORKSPACE ONE OPERATIONAL TUTORIAL VMware Workspace ONE

Configuring Single Sign-on from the VMware Identity Manager Service to Marketo

Integrating VMware Workspace ONE with Okta. VMware Workspace ONE

USING PRODUCT PROVISIONING TO DELIVER FILES TO WINDOWS 10: VMWARE WORKSPACE ONE OPERATIONAL TUTORIAL VMware Workspace ONE

INSTALLATION AND SETUP VMware Workspace ONE

INTEGRATING WITH DELL CLIENT COMMAND SUITE: VMWARE WORKSPACE ONE OPERATIONAL TUTORIAL VMware Workspace ONE

Configuring Single Sign-on from the VMware Identity Manager Service to Trumba

Configuring Single Sign-on from the VMware Identity Manager Service to Vizru

Configuring Single Sign-on from the VMware Identity Manager Service to Exterro E-Discovery

Guide to Deploying VMware Workspace ONE. VMware Identity Manager VMware AirWatch 9.1

Integrating AirWatch and VMware Identity Manager

Guide to Deploying VMware Workspace ONE. DEC 2017 VMware AirWatch 9.2 VMware Identity Manager 3.1

Guide to Deploying VMware Workspace ONE with VMware Identity Manager. SEP 2018 VMware Workspace ONE

ARCHITECTURAL OVERVIEW REVISED 6 NOVEMBER 2018

VMWARE HORIZON CLOUD WITH VMWARE IDENTITY MANAGER QUICK START GUIDE WHITE PAPER MARCH 2018

Deploying VMware Workspace ONE Intelligent Hub. October 2018 VMware Workspace ONE

Setting Up Resources in VMware Identity Manager (SaaS) Modified 15 SEP 2017 VMware Identity Manager

Configuring Single Sign-on from the VMware Identity Manager Service to Bonusly

VMware Identity Manager Administration. MAY 2018 VMware Identity Manager 3.2

Setting Up Resources in VMware Identity Manager (On Premises) Modified on 30 AUG 2017 VMware AirWatch 9.1.1

Administering Workspace ONE in VMware Identity Manager Services with AirWatch. VMware AirWatch 9.1.1

Configuring Single Sign-on from the VMware Identity Manager Service to Collibra

Setting Up Resources in VMware Identity Manager 3.1 (On Premises) Modified JUL 2018 VMware Identity Manager 3.1

TECHNICAL WHITE PAPER AUGUST 2017 REVIEWER S GUIDE FOR VIEW IN VMWARE HORIZON 7: INSTALLATION AND CONFIGURATION. VMware Horizon 7 version 7.

VMware Identity Manager Administration

VMware AirWatch - Workspace ONE, Single Sign-on and VMware Identity Manager

REVISED 6 NOVEMBER 2018 COMPONENT DESIGN: UNIFIED ACCESS GATEWAY ARCHITECTURE

Setting Up Resources in VMware Identity Manager. VMware Identity Manager 2.8

Using Workspace ONE PIV-D Manager. VMware Workspace ONE UEM 1811 VMware Workspace ONE PIV-D Manager

IMPLEMENTING SINGLE SIGN-ON (SSO) TO KERBEROS CONSTRAINED DELEGATION AND HEADER-BASED APPS. VMware Identity Manager.

Android Mobile Single Sign-On to VMware Workspace ONE. SEP 2018 VMware Workspace ONE VMware Identity Manager VMware Identity Manager 3.

PROVIDING SECURE ACCESS TO VMWARE HORIZON 7 AND VMWARE IDENTITY MANAGER WITH THE VMWARE UNIFIED ACCESS GATEWAY REVISED 2 MAY 2018

VMware PIV-D Manager Deployment Guide

DEPLOYING WIN32 APPLICATIONS: VMWARE WORKSPACE ONE OPERATIONAL TUTORIAL VMware Workspace ONE

AirWatch Container. VMware Workspace ONE UEM

Horizon Workspace Administrator's Guide

Workspace ONE UEM Integration with RSA PKI. VMware Workspace ONE UEM 1810

Configuring OneSign 4.9 Virtual Desktop Access with Horizon View HOW-TO GUIDE

Integrating VMware Horizon Workspace and VMware Horizon View TECHNICAL WHITE PAPER

VMware Identity Manager Administration

VMware AirWatch: Directory and Certificate Authority

Setting Up Resources in VMware Identity Manager

VMware AirWatch Integration with SecureAuth PKI Guide

Table of Contents. VMware AirWatch: Technology Partner Integration

VMware AirWatch Integration with RSA PKI Guide

Yubico with Centrify for Mac - Deployment Guide

Disclaimer This presentation may contain product features that are currently under development. This overview of new technology represents no commitme

VMware AirWatch Workspace ONE Send Admin Guide Configuring and deploying Workspace ONE Send

VMware AirWatch Android Platform Guide

VMware AirWatch Integration with Apple School Manager Integrate with Apple's School Manager to automatically enroll devices and manage classes

VMware End User Computing Global Demo Environment Walkthrough Guide

Disclaimer This presentation may contain product features that are currently under development. This overview of new technology represents no commitme

Installing and Configuring VMware Identity Manager Connector (Windows) OCT 2018 VMware Identity Manager VMware Identity Manager 3.

EXPLORING MONITORING AND ANALYTICS VMware Horizon

Cloud Secure Integration with ADFS. Deployment Guide

VMware Workspace ONE UEM Integration with Apple School Manager

VMware AirWatch Integration with F5 Guide Enabling secure connections between mobile applications and your backend resources

VMware Identity Manager Cloud Deployment. DEC 2017 VMware AirWatch 9.2 VMware Identity Manager

VMware Identity Manager Cloud Deployment. Modified on 01 OCT 2017 VMware Identity Manager

A: SETTING UP VMware Horizon

Workspace ONE UEM Certificate Authority Integration with JCCH. VMware Workspace ONE UEM 1810

Cloud Pod Architecture with VMware Horizon 6.1

VMware Identity Manager Integration with Office 365

Table of Contents HOL-1757-MBL-6

VMware AirWatch Integration with Palo Alto Networks WildFire Integrate your application reputation service with AirWatch

VMware AirWatch Integration with Apple School Manager Integrate with Apple's School Manager to automatically enroll devices and manage classes

VMware AirWatch Chrome OS Platform Guide Managing Chrome OS Devices with AirWatch

VMware Identity Manager Integration with Office 365

VMware AirWatch Certificate Authentication for Cisco IPSec VPN

VMware AirWatch Tizen Guide

VMware AirWatch Integration with Microsoft ADCS via DCOM

Centrify for Dropbox Deployment Guide

VMware AirWatch - Mobile Application Management and Developer Tools

VMware AirWatch Chrome OS Platform Guide Managing Chrome OS Devices with AirWatch

Disclaimer This presentation may contain product features that are currently under development. This overview of new technology represents no commitme

VMware Workspace ONE UEM Apple tvos Device Management. VMware Workspace ONE UEM 1811 VMware AirWatch

Integration Guide. SafeNet Authentication Service. Using SAS as an Identity Provider for Better MDM

Request Manager User's Guide

VMware AirWatch tvos Platform Guide Deploying and managing tvos devices

Workspace ONE UEM Certificate Authentication for Cisco IPSec VPN. VMware Workspace ONE UEM 1810

Introduction to application management

Deploying VMware Identity Manager in the DMZ. SEPT 2018 VMware Identity Manager 3.3

PRINTED 13 APRIL 2018 NETWORK PORTS IN VMWARE HORIZON 7

Disclaimer This presentation may contain product features that are currently under development. This overview of new technology represents no commitme

Deploying VMware Identity Manager in the DMZ. JULY 2018 VMware Identity Manager 3.2

AirWatch Mobile Device Management

Using VMware Horizon Workspace to Enable SSO in VMware vcloud Director 5.1

Pulse Workspace Appliance. Administration Guide

Workspace ONE UEM Notification Service 2. VMware Workspace ONE UEM 1811

VMware Identity Manager Connector Installation and Configuration (Legacy Mode)

Workspace ONE Chrome OS Platform Guide. VMware Workspace ONE UEM 1811

Workspace ONE UEM Certificate Authority Integration with Microsoft ADCS Using DCOM. VMware Workspace ONE UEM 1811

VMware Horizon Cloud Service on Microsoft Azure Administration Guide

Using VMware Identity Manager Apps Portal

SAP Security in a Hybrid World. Kiran Kola

Transcription:

REVIEWERS GUIDE NOVEMBER 2017 REVIEWER S GUIDE FOR CLOUD-BASED VMWARE WORKSPACE ONE: VMware Workspace ONE

Table of Contents Introduction.... 3 Purpose of This Guide....3 Audience...3 Before You Begin....3 Section A: Mobile Single Sign-On Configuration.... 4 Exercise A1: Configure Mobile Single Sign-On.... 4 Exercise A2: Configure the ios Device Profile... 6 Section B: Salesforce Single Sign-On Configuration.... 7 Exercise B1: Export SAML Metadata from VMware AirWatch.... 8 Exercise B2: Import the SAML Metadata File to Salesforce.... 8 Exercise B3: Update the SAML Settings.... 9 Exercise B4: Register Your Domain in Salesforce.... 10 Exercise B5: Update the Federation ID.... 12 Exercise B6: Configure the Salesforce Application for SSO... 13 Exercise B7: Add User Entitlement.... 14 Exercise B8: Test the Salesforce SSO Configuration in a Web Browser.... 15 Section C: VMware AirWatch Device Profile Assignment......................................16 Exercise C1: Assign a VMware AirWatch Device Profile... 16 Section D: Enrolling the ios Device and Logging In... 18 Exercise D1: Enable Adaptive Management.... 18 Exercise D2: Test Adaptive Management.... 20 Exercise D3: Install AirWatch Agent from the App Store and Enroll Device.... 21 Exercise D4: Test the SSO Configuration of Salesforce on Your Mobile Device.... 24 Exercise D5: Deploy the Workspace ONE Mobile Application.... 25 Summary.... 26 All Guides.... 26 Appendix: Terminology Used in This Guide.... 27 Additional Resources.... 28 About the Authors and Contributors.... 29 REVIEWER S GUIDE 2

Introduction Welcome to the Reviewer s Guide for Cloud-Based VMware Workspace ONE: Mobile Single Sign-On. This guide walks you through the process of configuring mobile single sign-on (SSO) on an ios device in VMware Workspace ONE. These steps include configuring SAML integration between VMware Identity Manager and Salesforce and assigning VMware AirWatch device profiles. Workspace ONE simplifies access to cloud, mobile, and enterprise applications from supported devices. IT administrators can deploy, manage, and secure applications and, at the same time, offer a flexible, bring-your-own-device (BYOD) option for users. Purpose of This Guide The Reviewer s Guide helps you evaluate a cloud-based Workspace ONE. This guide provides exercises to explore and evaluate the mobile SSO feature and how to configure and use it. For an overview of the product and information about other practical exercises, see All Guides. Important: This guide is for evaluation purposes only. It uses the minimum required resources for a basic deployment and does not explore all possible features. Do not use this evaluation environment as a template for deploying a production environment. To deploy a production environment, see the VMware Workspace ONE Documentation. Audience This guide is for prospective IT administrators of Workspace ONE and anyone who uses the product. Before You Begin Before you can perform the exercises in this guide, you must have the following components installed and configured, as described in the Reviewer s Guide for Cloud-Based VMware Workspace ONE: VMware Enterprise Systems Connector Installation and Configuration. Cloud-based VMware Identity Manager tenant Cloud-based VMware AirWatch tenant On-premises Active Directory with users available to add to the VMware AirWatch tenant Windows Server machine to access Workspace ONE from a web browser ios device of your choice Domain administrator added to AirWatch Console In addition, you need to create a trial Salesforce developer account. To register, you need a valid email address to receive your Salesforce password. REVIEWER S GUIDE 3

Section A: Mobile Single Sign-On Configuration Configure mobile SSO using the Getting Started wizard in AirWatch Console. The wizard configures the following. AirWatch Certificate Authority Sets up a connection to the AirWatch Certificate Authority (CA), and allows the CA to issue authentication certificates. AirWatch Certificate template Creates a preconfigured Certificate template to issue certificates for mobile SSO. VMware Tunnel Creates a connection with a proxy service within VMware Identity Manager, and authenticates certificates on behalf of the mobile application. Authentication methods Establishes a trust chain between the AirWatch CA and VMware Identity Manager. User profiles Creates an AirWatch configuration profile, which distributes a certificate and configures the device to authenticate with VMware Identity Manager. Access policies Configures access policies in VMware Identity Manager to authenticate using mobile SSO for managed devices. Unmanaged devices require a password to authenticate. Although we use an ios device to test the mobile SSO feature, the wizard also configures mobile SSO for Android and Windows 10 devices. The exercises are sequential and build upon one another, so make sure that you complete each exercise in the order presented. Exercise A1: Auto-Configure Mobile Single Sign-On Exercise A2: Complete ios Device Profile Configuration Exercise A1: Configure Mobile Single Sign-On The wizard guides you through configuring mobile SSOs. 1. In AirWatch Console, select Getting Started > Workspace ONE. 2. In the SETUP section, navigate to Mobile Single Sign-On, and click Configure. REVIEWER S GUIDE 4

3. Click Get Started. 4. Click Continue. 5. Click Start Configuration. 6. When the auto-configure checklist completes, click Finish. 7. Click Close. REVIEWER S GUIDE 5

Exercise A2: Configure the ios Device Profile The mobile SSO feature creates default device profiles. You must update the ios device profile to include the Salesforce application identifier. 1. Select Devices > Profiles & Resources > Profiles. 2. Select the ios device profile. 3. Select Single Sign-On. 4. In the Applications section, enter the following identifiers for the apps that can use this login. com.apple.mobilesafari com.air-watch.appcenter com.apple.safariviewcontroller com.salesforce.chatter 5. Click Save & Publish. Now that you have enabled mobile SSO, proceed to the next section to configure SSO for Salesforce. REVIEWER S GUIDE 6

Section B: Salesforce Single Sign-On Configuration Security Assertion Markup Language (SAML) is an open standard for SSO across multiple services. Using SAML authentication, a user logs in to an environment only once per web browser session to access all systems. SAML usually defines three components: Service provider (SP), such as an application Identity provider (IdP) that includes a database of users and authentication methods End user who needs to access the application The following steps provide a high-level overview of how SAML works. 1. A user launches the SAML application, which accesses the SP. 2. The SP sends a request to an IdP for authentication. 3. If the user is not already authenticated, the IdP requests authentication from the user (for example, user name and password). 4. The IdP then sends a response to the SP with a token for that user. In these exercises, you configure the Salesforce application with the identity provider metadata and integrate VMware Identity Manager to a trial Salesforce account. The exercises are sequential and build upon one another, so make sure that you complete each exercise in the order presented. Exercise B1: Export SAML Metadata from VMware AirWatch Exercise B2: Import the SAML Metadata File to Salesforce Exercise B3: Update the SAML Settings Exercise B4: Register Your Domain in Salesforce Exercise B5: Update the Federation ID Exercise B6: Configure the Salesforce Application for SSO Exercise B7: Add User Entitlement Exercise B8: Test the Salesforce SSO Configuration in a Web Browser REVIEWER S GUIDE 7

Exercise B1: Export SAML Metadata from VMware AirWatch Export the identity provider SAML metadata from VMware AirWatch. The metadata is used to configure the Salesforce application. 1. In AirWatch Console, select Apps & Books > Applications > Web > SaaS. 2. Click Settings. 3. Right-click Identity Provider (IdP) metatdata, and select Save Link As. 4. Save the metadata file. Exercise B2: Import the SAML Metadata File to Salesforce Import the metadata file to Salesforce. 1. In a web browser, navigate to https://login.salesforce.com. 2. Enter your Salesforce user name and password, and click Login. 3. In the search panel on the left, enter single to locate SSO settings. 4. Click Single Sign-On Settings. 5. Click Edit. 6. Select SAML Enabled to enable SSO using SAML. REVIEWER S GUIDE 8

7. Click New from Metadata File. 8. Click Choose File, and select the file saved in the previous exercise. 9. Click Create to populate the SAML SSO settings. Exercise B3: Update the SAML Settings Specify how the IdP identifies the Salesforce user, and complete the metadata download. 1. Select Assertion contains the Federation ID from the User object. 2. Click Save. 3. Click Download Metadata. REVIEWER S GUIDE 9

Exercise B4: Register Your Domain in Salesforce After you have downloaded the SAML metadata file, you need to register your domain in Salesforce. 1. In the search box on the left, enter my domain and click My Domain. 2. Under Choose Your Domain Name, enter a domain name in the text box. 3. To confirm that your domain name is not being used, click Check Availability. 4. Click Register Domain. It can take a few minutes for Salesforce to complete the process. When the domain is registered, you receive an email. After you receive the email, you can edit the authentication configuration in My Domain. REVIEWER S GUIDE 10

5. In the search box on the left, enter my domain and click My Domain. 6. Next to Authentication Configuration, click Edit. 7. To enable the authentication service, select your Identity Manager user name in the Authentication Service section. 8. Click Save. REVIEWER S GUIDE 11

Exercise B5: Update the Federation ID The federation ID in Salesforce is a unique user name that can be shared across multiple applications. The federation ID allows administrators to choose a user name format to pass to Salesforce from their user directory for SSO. The user name format is often an attribute, such as the user s email address. 1. In the search box on the left, enter users and click Users. 2. Next to the user name used for the trial account, click Edit. 3. In the Single Sign-On Information section, enter the federation ID as the UPN of the AD user account. For example, user1@kbs.local. 4. Click Save. REVIEWER S GUIDE 12

Exercise B6: Configure the Salesforce Application for SSO You now add the Salesforce application to the VMware AirWatch catalog and configure the application for SSO. To add a web application to AirWatch Console, you must be logged in as a domain administrator. 1. In AirWatch Console, select Apps & Books > Applications > Web > SaaS. 2. Click New. 3. In the Search text box, enter Salesforce. 4. Select Salesforce from the list. The remaining options are auto-filled. 5. Click Next. REVIEWER S GUIDE 13

6. Select URL/XML. 7. Open the previously saved metadata file (see Update the SAML Settings) using Notepad. 8. Copy the data, and paste it into the URL/XML text box. 9. Click Next. 10. Click Save. Exercise B7: Add User Entitlement You are now ready to entitle users to the Salesforce application. 1. In the VMware Identity Manager administration console, click the Catalog tab. 2. Click the Salesforce icon from the application list. 3. Click Entitlements, and click Add user entitlement. 4. Click browse. 5. Select the VMware Identity administrator user account. 6. Select Automatic from the drop-down menu. 7. Click Save, and click Done to complete the entitlement process. REVIEWER S GUIDE 14

Exercise B8: Test the Salesforce SSO Configuration in a Web Browser You can confirm that SSO is correctly configured by logging in to a web browser and accessing the Salesforce application from the VMware Identity Manager portal. 1. On a desktop computer, use a web browser to navigate to the VMware Identity Manager portal. 2. Enter the credentials for a user entitled to the Salesforce application. 3. Start the Salesforce application. If SSO is configured correctly, the Salesforce application starts without prompting for a user name and password. Proceed to the next section to assign a VMware AirWatch device profile. REVIEWER S GUIDE 15

Section C: VMware AirWatch Device Profile Assignment A device profile allows you to manage devices with specific settings and rules. You can enforce corporate rules and procedures when device profiles are combined with compliance policies. Exercise C1: Assign a VMware AirWatch Device Profile The mobile SSO setup feature creates a default ios device profile. After a device profile has been created, you can assign the profile to a smart group. 1. In AirWatch Console, select Devices > Profiles & Resources > Profiles. 2. Click the ios device profile. 3. On the General tab, click the Assigned Groups text box and select Create Assignment Group. REVIEWER S GUIDE 16

4. Enter the following information, and then click Save. Name Enter a name of your choice for the smart group. This exercise uses ios Smart Group. Platform and Operating System From the drop-down menus, select the following options: Apple ios, Greater Than or Equal To, ios 10.2.0. 5. Click Save & Publish. You have successfully assigned a VMware AirWatch device profile to the ios smart group. Proceed to the next section to enroll the ios device and log in. REVIEWER S GUIDE 17

Section D: Enrolling the ios Device and Logging In After you have assigned a smart group to the device profile, you are ready to log in to Workspace ONE and access applications from the catalog. You can deploy internal and public applications as either managed or unmanaged when using VMware AirWatch for native application delivery. This adaptive management approach protects data inside applications without requiring devices to be managed. Adaptive management is applied on a per-application basis in AirWatch Console. With an application profile, an administrator can require device management prior to allowing the device to use an application. These exercises are sequential and build upon one another, so make sure that you complete each exercise in the order presented. Exercise D1: Enable Adaptive Management Exercise D2: Test Adaptive Management Exercise D3: Install AirWatch Agent from the App Store and Enroll Device Exercise D4: Test the SSO Configuration of Salesforce on Your Mobile Device Exercise D5: Deploy Workspace ONE Mobile Application Exercise D1: Enable Adaptive Management Add the Socialcast by VMware application to the VMware AirWatch catalog, and enable adaptive management. 1. In AirWatch Console, select Apps & Books > Applications > Native > Public. 2. Click Add Application. 3. Provide the following information, and then click Next. Platform Select Apple ios. Name Enter Socialcast. 4. Click Select to select the Socialcast application. REVIEWER S GUIDE 18

5. Click Save & Assign. 6. Click Add Assignment. REVIEWER S GUIDE 19

7. Provide the following information. Selected Assignment Groups Select the ios smart group that you created in Assign AirWatch Device Profile. App Delivery Method Select On Demand. Managed Access Select Enabled. 8. Click Add. 9. Click Save & Publish, and then click Publish. Exercise D2: Test Adaptive Management To test the adaptive management feature, you need an unmanaged ios device a device that does not have AirWatch Agent installed. 1. On your ios device, download the Workspace ONE application from the App Store. 2. Start the Workspace ONE application, and log in using your user name and password. 3. On the Catalog tab, tap the Socialcast application, and tap Install. REVIEWER S GUIDE 20

4. To acknowledge the message, The use of Socialcast requires activation of Workspace Services to protect company data, tap Proceed. 5. To begin the Workspace Services profile installation, tap Install, and enter your passcode when prompted. 6. To confirm the installation, tap Install. 7. Tap Trust. 8. To access the Workspace ONE portal, tap Open. 9. Next to Socialcast, tap Install. 10. After the Socialcast installation completes, tap the application to launch it. Exercise D3: Install AirWatch Agent from the App Store and Enroll Device You enroll your ios device in VMware AirWatch by installing AirWatch Agent. Remove the Workspace Services profile you created in the adaptive management exercise. 1. On your ios device, tap Settings. 2. Select Profiles > Device Management. 3. Tap Workspace Services. 4. Tap Remove Management, and enter your passcode when prompted. Now install AirWatch Agent, and enroll the ios device in VMware AirWatch. 1. On your ios device, in the web browser, navigate to http://awagent.com. 2. Tap Go to Apple AppStore, and click the cloud icon to install AirWatch Agent. 3. Tap Open to start the agent. REVIEWER S GUIDE 21

4. Tap Server Details, enter the following information, and then tap Next. a. Server Enter the VMware AirWatch tenant name. b. Group ID Enter your organization group ID. 5. To install the Workspace Services profile, tap Install, and enter your passcode when prompted. 6. To confirm the installation, tap Install. REVIEWER S GUIDE 22

7. Tap Trust. 8. Tap Done. 9. To verify the device management settings on your ios device, navigate to Settings > Profiles > Device Management. You can see the installed Workspace Services profile. 10. Log in to the Workspace ONE portal. Logging in invokes TouchID on the ios device and automatically authenticates you. REVIEWER S GUIDE 23

Exercise D4: Test the SSO Configuration of Salesforce on Your Mobile Device When you install a Workspace Services profile, VMware AirWatch pushes Salesforce to your ios device. In this exercise, you log in to your enrolled ios device and start Salesforce. If SSO is configured correctly, the Salesforce application starts without prompting for a user name and password. 1. On your ios device, tap the Salesforce1 application. 2. Confirm redirection to Workspace ONE. 3. Validate SSO. Authentication completes, and the application starts without requiring a user name and password. REVIEWER S GUIDE 24

Exercise D5: Deploy the Workspace ONE Mobile Application In AirWatch Console, assign the Workspace ONE application to the previously created smart group. 1. In AirWatch Console, select Apps & Books > Native > Public > Add Application. 2. Provide the following information, and then click Next. Platform Select Apple ios. Name Enter VMware Workspace ONE. 3. Click Save & Assign. 4. Click Add Assignment. 5. Provide the following information, and then click Add. Selected Assignment Groups Select the ios smart group name that you created in Assign a VMware AirWatch Device Profile. App Delivery Method Select Auto. Application Configuration Select Enabled. Configuration Key Enter AppServiceHost. Value Type Select String. Configuration Value Enter the VMware Identity Manager tenant URL, for example, https://ksheehan.vmwareidentity.com. 6. Click Save & Publish, and then click Publish. After you enroll your device, the Workspace ONE application is available for installation in the application catalog. REVIEWER S GUIDE 25

Summary This guide is part of the Reviewer s Guide for Cloud-Based VMware Workspace ONE series, which introduces Workspace ONE through practical exercises. The Mobile SSO guide walks you through configuring SAML for an application in VMware Identity Manager and assigning access policies and device profiles. SSO and adaptive management features are also demonstrated. For information about the other guides in this series, see All Guides. For information about features not covered in this series, see the VMware Workspace ONE Documentation. All Guides You can explore many key features and capabilities in the Reviewer s Guide series for cloud-based Workspace ONE: Reviewer s Guide for Cloud-Based VMware Workspace ONE: Overview Reviewer s Guide for Cloud-Based VMware Workspace ONE: VMware Systems Enterprise Connector Installation and Configuration Reviewer s Guide for Cloud-Based VMware Workspace ONE: Mobile SSO Note: For information about features that are not covered in this series, see VMware Workspace ONE Documentation. REVIEWER S GUIDE 26

Appendix: Terminology Used in This Guide The following terms are used in this guide. catalog A user interface (UI) that displays a personalized set of virtual desktops and applications to users and administrators. These resources are available to be launched upon selection. cloud A set of securely accessed, network-based services and applications. A cloud can also host data storage. Clouds can be private or public, as well as hybrid, which is both private and public. identity provider (IdP) A mechanism used in a single-sign-on (SSO) framework to automatically give a user access to a resource based on their authentication to a different resource. service provider (SP) A host that offers resources, tools, and applications to users and devices. For more information, see the VMware Glossary. REVIEWER S GUIDE 27

Additional Resources For more information about Workspace ONE, you can explore the following resources. VMware Workspace ONE Product Page VMware Workspace ONE Documentation VMware Identity Manager Product Page VMware Identity Manager Documentation VMware AirWatch Product Page VMware AirWatch Documentation VMware Workspace ONE free trial VMware Workspace ONE Enterprise Edition Reference Architecture VMware End-User-Computing Blog Workspace ONE Hands-On Lab REVIEWER S GUIDE 28

About the Authors and Contributors The Reviewer s Guide for Cloud-Based VMware Workspace ONE was written and updated by Gina Daly, Technical Marketing Manager in End-User-Computing Technical Marketing, VMware Kevin Sheehan, Senior Product Manager, Windows 10 Unified Endpoint Management, VMware Appreciation and acknowledgment for considerable contributions from the following subject matter experts: Camilo Lotero, Senior Technical Marketing Manager, End-User-Computing Technical Marketing, VMware Justin Sheets, Senior Technical Marketing Manager, End-User-Computing Technical Marketing, VMware Contributors to this version include Andrew Hornsby, Product Manager, Mobile Identity, VMware Vikas Jain, Director, Product Management, VMware Workspace ONE, VMware Ben Siler, Product Marketing Manager, VMware Workspace ONE, VMware Contributors to the original document include Oliver Forder, Lead End-User-Computing Specialist, EMEA End-User-Computing Practice, VMware Neil Tarbit, Director, Systems Engineering, End-User Computing, VMware Roger Deane, Senior Manager, End-User-Computing Technical Marketing, VMware Hannah Jernigan, Technical Marketing Manager, End-User-Computing Technical Marketing, VMware To comment on this paper, contact VMware End-User-Computing Technical Marketing at euc_tech_content_feedback@vmware.com. REVIEWER S GUIDE 29

VMware, Inc. 3401 Hillview Avenue Palo Alto CA 94304 USA Tel 877-486-9273 Fax 650-427-5001 www.vmware.com Copyright 2017 VMware, Inc. All rights reserved. This product is protected by U.S. and international copyright and intellectual property laws. VMware products are covered by one or more patents listed at http://www.vmware.com/go/patents. VMware is a registered trademark or trademark of VMware, Inc. in the United States and/or other jurisdictions. All other marks and names mentioned herein may be trademarks of their respective companies. Item No: VMW-RG-CLDBASEDWKSPONEMOBISSO-IDM3_0-AW-9_2-USLTR-20171122-WEB 11/17

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback