Category: Workspace ONE

  • Notes from the field: The one that Android said no more local

    On one of my projects, we’ve encountered a strange issue regarding domain name resolving. A little background on the canvas painted it’s about a VMware Workspace ONE setup with working web URL’s and UEM enrollments, you name it. We have a nice setup regarding managed devices and these use a per-app VMware tunnel connection to…

  • Notes from the lab: Citrix ShareFile and VMware Access SSO

    When configuring Citrix ShareFile for an SSO experience with your Microsoft Active Directory setup we have the following guides to use it from Citrix. See How to Configure Single Sign-On (SSO) for ShareFile (citrix.com) Well I’m having my setup with another Identity Provider in my own lab and still want to achieve an managed SSO…

  • Notes from the lab: VMware UAG content gateway and an A+ rating

    In addition to Jesper Alberts his blog a follow up with another custom UAG edge service which has it quirks called the content gateway. For the SEG article see vJAL.nl – Secure Email Gateway Now diving in, when you configure the edge service you have the following options to configure Custom Values for Content Gateway…

  • Notes from the field: VMware Access Kerberos integration and Office 365

    Okay let’s say you have your setup for VMware Access nicely configured with your directory search attribute configured as userPrincipalName because that’s the modern way with all cloud services etc. and configured your inbound Kerberos authentication through the IDP of the Access connector. Everyone is happy and all is working well with external connections, internal…

  • Notes from the field: VMware Workspace ONE UEM and Android Zero Touch

    On a recent project we were implementing Android Zero Touch for out of the box enrollment through WS1 UEM. For a detailed explanation what Android Zero Touch is take a look at the following URL: Zero-touch enrollment for IT admins – Android Enterprise Help When the Zero Touch Portal is enabled through the reseller and…

  • Notes from the field: VMware Access with VMware UAG and JWT validation

    It’s been a while since I’ve retested the setup with validating gateway request with JWT entries, because I thought it was depending on an appliance such as F5 for it to work. See Launching Horizon Resources Through Validating Gateways (vmware.com) I did try and configure it none the less but never got it farther then…

  • Notes from the field: VMware Access Roles and RBAC bug

    On recent projects we where configuring RBAC roles in VMware Access Cloud and stumbled across something annoying which turned out to be a bug. The issue is that when you assign the RBAC roles through super admin, read only admin and directory admin that once added you can’t delete or re-add the same group, it…

  • Notes from the lab: VMware UAG 2106 and Admin SAML

    VMware introduced SAML login capabilities for the admin facing side of UAG with version 2106. See the following article: Release Notes for VMware Unified Access Gateway 2106 This quick home lab blog shows how easy it is and how to integrate this with VMware Workspace ONE Access as your entry point. First things first, before…

  • Notes from the field: VMware Access connector support LDAP Signing and Channel Binding

    Quite recently I’ve encountered a random synchronization error that VMware Access connector could not synchronize and would error out with the following error: “Connector communication failed because of invalid data: The specified Bind DN and password could not be used to successfully authenticate against the directory” At first I stumbled upon the known issues list:…

  • Notes from the field: Configuring SentinelOne SSO with VMware Workspace ONE Access

    SentinelOne’s configuration can be achieved after you have a valid account and support login. Afterwards its pretty easy to configure the SSO part. In the cloud console of SentinelOne go to Settings>>Integrations>>SSO Configure the following items for SSO usage: IDP Redirect URL: https://workspaceoneaccessurl:443/SAAS/API/1.0/GET/apps/launch/app/uniqueapplicationid IssuerID: https://workspaceoneaccessurl/SAAS/API/1.0/GET/metadata/idp.xml Configure the rest of the items at your own requirements…