Scribd
Upload
344 views29 pages

Vmware Workspace One Overview and Documentation Reference Guide

Vmware Workspace One Overview and Documentation Reference Guide

Uploaded by

Ion Vladescu
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
344 views29 pages

Vmware Workspace One Overview and Documentation Reference Guide

Vmware Workspace One Overview and Documentation Reference Guide

Uploaded by

Ion Vladescu
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 29

VMware Workspace ONE Overview and

Documentation Reference Guide

Have documentation feedback? Submit a Documentation Feedback support ticket using the Support Wizard on
support.air-watch.com.
Copyright © 2018 VMware, Inc. All rights reserved. This product is protected by copyright and intellectual property laws in the United States and other countries as well as by
international treaties. VMware products are covered by one or more patents listed at http://www.vmware.com/go/patents.
VMware is a registered trademark or trademark of VMware, Inc. in the United States and other jurisdictions. All other marks and names mentioned herein may be trademarks of their
respective companies.

VMware Workspace ONE Overview and Documentation Reference Guide | v.2018.09 | September 2018
Copyright © 2018 VMware, Inc. All rights reserved.

1
Table of Contents
Chapter 1: Introduction to the VMware Workspace ONE Overview and Reference
Guide 4
Scope of This Documentation 4
Workspace ONE Component Description 4
Supported Use Cases 5
About VMware Content Sites 5

Chapter 2: Workspace ONE Installation 7


Components for Installation 7
Workspace ONE Installation Content 8

Chapter 3: App Access and Management 11


Direct Enrollment 11
Virtual Desktops 11
Unified App Catalog 11
Native Apps 12
Self Service Access to Non-Native Apps 12
App Access and Management Content 13

Chapter 4: Mobile SSO for App Access and Management 15


Mobile SSO Content 16

Chapter 5: Unified Endpoint Management 17


Device Management and Privacy 17
Modern Management for Windows 10 17
Unified Endpoint Management Content 19

Chapter 6: Conditional Access 21


Access Policies and Compliance Policies 21
VMware Tunnel 21
Certificate Based Authentication (CBA) 21
Conditional Access Content 22

VMware Workspace ONE Overview and Documentation Reference Guide | v.2018.09 | September 2018
Copyright © 2018 VMware, Inc. All rights reserved.

2
Chapter 7: Identity Providers for Conditional Access 24
VMware Identity Manager as the Identity Provider (IDP) 24
Third-Party Identity Providers 24
Identity Provider Content 25

Chapter 8: Enterprise Productivity 27


Secure Email 27
Productivity Apps 27
SDK for Android and iOS 27
Enterprise Productivity Content 28

VMware Workspace ONE Overview and Documentation Reference Guide | v.2018.09 | September 2018
Copyright © 2018 VMware, Inc. All rights reserved.

3
Chapter 1:
Introduction to the VMware Workspace
ONE Overview and Reference Guide
VMware Workspace™ ONE™ deploys and manages resources to a single digital workspace on iOS, Android, macOS, and
Windows 10 devices. Services are built on the integration of VMware Workspace ONE™ UEM (Unified Endpoint
Management), VMware Identity Manager™, and VMware Horizon®.
Review a high-level explanation of Workspace ONE with descriptions of its integrated systems and the use cases it
currently supports.

Scope of This Documentation


The Workspace ONE platform offers many capabilities. However, this depth has lent to the creation of content not only
on technical documentation sites, but also on technical marketing sites, and on internal and external professional
support sites.
This overview and reference guide is an effort to consolidate documentation and to capture the knowledge sourced in
the field. It lists the documentation available to install the platform and to configure capabilities. It also offers resources
found on technical marketing sites and professional support sites.

Workspace ONE Component Description


Workspace ONE is a set of integrated systems that includes Workspace ONE UEM (unified end-point management),
VMware Identity Manager, and VMware Horizon.
l VMware Identity Manager services provide the identity-related components, including authentication for users who
use single sign-on to access their resources. You create a set of policies that relate to networking and authentication
to control access to these resources.

l Workspace ONE UEM services, formerly AirWatch, provide device enrollment, application distribution, and
compliance checking tools to ensure that remote access devices meet corporate security standards. Users from
enrolled devices can log in to their enabled applications securely without entering multiple passwords.

VMware Workspace ONE Overview and Documentation Reference Guide | v.2018.09 | September 2018
Copyright © 2018 VMware, Inc. All rights reserved.

4
Chapter 1: Introduction to the VMware Workspace ONE Overview and Reference Guide

l VMware Horizon services provide remote desktops and applications in the data center, and deliver these desktops
and applications to employees as managed services. End users gain a familiar, personalized environment that they
can access from any number of devices anywhere throughout the enterprise or from home. Administrators gain
centralized control, efficiency, and security by having desktop data in the data center.

Supported Use Cases


Workspace ONE offers solutions for the listed use cases.
l App Access and Management

l Unified Endpoint Management

l Identity Integration

l Enterprise Productivity

About VMware Content Sites


This documentation cites content from the listed resources. Some sites require registration.

VMware Workspace ONE Overview and Documentation Reference Guide | v.2018.09 | September 2018
Copyright © 2018 VMware, Inc. All rights reserved.

5
Chapter 1: Introduction to the VMware Workspace ONE Overview and Reference Guide

Note: This documentation links to content outside of https://docs.vmware.com/. Content from some sites are
sourced from the field and are not fully vetted by research and development. Content might be aged or out-of-date
from the latest released products and solutions.

l VMware Docs - https://docs.vmware.com/

l VMware Code - https://code.vmware.com

l VMware Digital Workspace Tech Zone - https://techzone.vmware.com/

l VMware EUC Blog - https://blogs.vmware.com/euc/

l VMware Technology Network - https://communities.vmware.com/welcome

l VMware TestDrive - https://portal.vmtestdrive.com/

VMware Workspace ONE Overview and Documentation Reference Guide | v.2018.09 | September 2018
Copyright © 2018 VMware, Inc. All rights reserved.

6
Chapter 2:
Workspace ONE Installation
Workspace ONE is built on the endpoint and identity management infrastructures of Workspace ONE UEM and VMware
Identity Manager. It can also integrate with VMware Horizon to offer robust features for the digital workspace.
To install and configure Workspace ONE, use an instance of VMware Identity Manager and Workspace ONE UEM.
Configure and deploy policies in these two systems to the Workspace ONE app on devices.
If you already use virtual desktops and apps, integrate VMware Horizon 7 with VMware Identity Manager to leverage
these virtual resources.

Components for Installation


The Workspace ONE platform uses connectors to integrate components. These systems communicate through the
connectors, and this enables admins to send policies and configurations through their respective consoles to the
Workspace ONE app on devices.
l VMware Identity Manager - Offers user directories, access policies, web apps, and authentication methods, to
control user access to resources.

l Workspace ONE UEM - Uses device, app, content, and email management to control the endpoint access to
resources.

l VMware Horizon - Runs remote desktops and applications in the data center, and delivers these virtual desktops
and applications to employees as a managed service.

l VMware AirWatch Cloud Connector - This component is the unified connector for the Workspace ONE platform. It
has two components: AirWatch Cloud Connector (ACC) and the VMware Identity Manager Connector.

VMware Workspace ONE Overview and Documentation Reference Guide | v.2018.09 | September 2018
Copyright © 2018 VMware, Inc. All rights reserved.

7
Workspace ONE Installation Content
Find technical documentation, technical notes, and technical marketing resources for installing Workspace ONE
components.
Component Technical Documentation
Introductory Content
Workspace ONE l Introduction to Workspace ONE
Introduction https://docs.vmware.com/en/VMware-Workspace-ONE/services/WS1-IDM-
deploymentguide/GUID-D398B4CD-0443-479E-B5F4-6DD8621FAF55.html

l Workspace ONE resources on VMware Digital Workspace Tech Zone


https://techzone.vmware.com/resource/workspace-one

l Workspace ONE tract on TestDrive by VMware


https://portal.vmtestdrive.com/products/empower-digital-workspace
Architecture l Workspace ONE Architecture Overview
https://docs.vmware.com/en/VMware-Workspace-ONE/services/WS1-IDM-
deploymentguide/GUID-826D5409-98C6-4A37-B4A9-B3DFD244AAE8.html

l VMware Workspace ONE Reference Architecture for SaaS Deployments


https://techzone.vmware.com/resource/vmware-workspace-one-reference-
architecture-saas-deployments

l VMware Workspace ONE and VMware Horizon 7 Enterprise Edition On-Premises


Reference Architecture
https://techzone.vmware.com/resource/vmware-workspace-one-and-vmware-
horizon-7-enterprise-edition-premises-reference
Requirements for Requirements
Workspace ONE https://docs.vmware.com/en/VMware-Workspace-ONE/services/WS1-IDM-
deploymentguide/GUID-529C4EA5-091F-43B7-84B2-3B5C579B8155.html
Installation Components for On-Premises
VMware Identity Manager

VMware Workspace ONE Overview and Documentation Reference Guide | v.2018.09 | September 2018
Copyright © 2018 VMware, Inc. All rights reserved.

8
Chapter 2: Workspace ONE Installation

Component Technical Documentation


VMware Identity Manager About Installing and Configuring VMware Identity Manager for Linux
Installer, Linux https://docs.vmware.com/en/VMware-Identity-Manager/3.3/vidm-install/GUID-
96E2F98A-5B90-4F81-A302-8264E6362494.html
VMware Identity Manager About Installing and Configuring VMware Identity Manager for Windows
Installer, Windows https://docs.vmware.com/en/VMware-Identity-Manager/3.3/vidm_windows_
install/GUID-11C3F077-16D2-4D31-AD3C-2732F031F779.html
Workspace ONE UEM
Workspace ONE UEM Workspace ONE UEM Installation
Installation and Architecture https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/9.7/vmware-airwatch-
guides-97/GUID-AW97-Install_Intro.html
VMware Horizon
VMware Horizon 7 Horizon 7 Installation
https://docs.vmware.com/en/VMware-Horizon-7/7.6/horizon-installation/GUID-
37D39B4F-5870-4188-8B11-B6C41AE9133C.html
Auxiliary Components
VMware Enterprise Systems VMware Enterprise Systems Connector Installation and Configuration
Connector https://docs.vmware.com/en/VMware-Identity-Manager/3.2/com.vmware.aw-
enterpriseSystemsConn/GUID-2D63FE8B-0C73-49CC-B237-EA951CFD719B.html
Integrations
Workspace ONE UEM and Integrating Workspace ONE UEM With VMware Identity Manager
VMware Identity Manager https://docs.vmware.com/en/VMware-Workspace-ONE/services/WS1-IDM-
deploymentguide/GUID-F072888F-FC6F-4A6B-9574-2CAAE7E96A85.html
VMware Horizon with l Providing Access to View, Horizon 6, or Horizon 7 Desktop and Application Pools
VMware Identity Manager https://docs.vmware.com/en/VMware-Identity-
Manager/services/com.vmware.wsair-resource/GUID-5ED7E551-76CE-4B0F-9D30-
EEE53C39BD67.html

l Using SAML Authentication


https://docs.vmware.com/en/VMware-Horizon-7/7.6/horizon-
administration/GUID-B08D6C13-8AA0-4B2C-A70F-C221ADFFF1D2.html

VMware Workspace ONE Overview and Documentation Reference Guide | v.2018.09 | September 2018
Copyright © 2018 VMware, Inc. All rights reserved.

9
Chapter 2: Workspace ONE Installation

Component Technical Documentation


VMware Identity Manager l Integrate a Horizon Cloud Node with a VMware Identity Manager Environment
and Horizon Cloud Service https://docs.vmware.com/en/VMware-Horizon-Cloud-
Service/services/hzncloudmsazure.admin15/GUID-6F252F50-0304-47EF-A207-
5D36FDF40FAC.html

l Providing Access to VMware Horizon Cloud Service Desktops and Applications


https://docs.vmware.com/en/VMware-Identity-
Manager/services/com.vmware.wsair-resource/GUID-361DF7AB-D944-4E87-8F6E-
7F0425D23ACD.html
VMware Identity Manager l Providing Access to Citrix-Published Resources
and Citrix https://docs.vmware.com/en/VMware-Identity-
Manager/services/com.vmware.wsair-resource/GUID-66F24F8D-72BE-43EA-A81C-
B041AD631E4A.html

l Troubleshoting Citrix-Published Resources Configuration in VMware Identity


Manager
https://docs.vmware.com/en/VMware-Identity-
Manager/service/TroubleshootingVIDM_Citrix_Configuration.pdf

Getting Started Wizard


Workspace ONE Getting Using the Workspace ONE Getting Started Wizard
Started Wizard https://docs.vmware.com/en/VMware-Workspace-ONE/services/ws1_
quickconguration/GUID-667C3147-EC4E-4396-A50D-71E248903063.html

VMware Workspace ONE Overview and Documentation Reference Guide | v.2018.09 | September 2018
Copyright © 2018 VMware, Inc. All rights reserved.

10
Chapter 3:
App Access and Management
Workspace ONE enables app access and management through the deployment of web and virtual apps with a unified
app catalog, management of devices with direct enrollment and virtual desktops, and one-touch access to these
resources through mobile SSO for Android and iOS.

Direct Enrollment
Direct enrollment requires devices to enroll with Workspace ONE UEM before they can access app resources in
Workspace ONE. This requirement enrolls devices as managed access and there are benefits to this process.
l Offers a convenient way for users to enroll with Workspace ONE with less setup on devices.

l Makes resources immediately accessible to managed devices.

Note: If you do not assign managed access to devices, they are enrolled in Workspace ONE UEM as unmanaged.
Unmanaged devices have access to resources configured as open access.

Virtual Desktops
Virtual desktops enable users from any trusted connection to access managed virtual apps located in the data center.
Create desktop pools that include thousands of virtual desktops with Horizon 7 and deploy them on virtual machines
and physical machines. Use a master image to generate a pool of virtual desktops. Users access app resources in the data
center from these virtual pools.

Unified App Catalog


One of the roles of the Workspace ONE app is to be a unified app catalog. Deploy it to iOS, Android (legacy and
Enterprise), macOS, and Windows 10 devices. Configure apps in Workspace ONE UEM as open or managed access.
l Managed Access - Device users access resources by granting admins permissions on their devices (installs a
management profile on the device).

VMware Workspace ONE Overview and Documentation Reference Guide | v.2018.09 | September 2018
Copyright © 2018 VMware, Inc. All rights reserved.

11
Chapter 3: App Access and Management

l Open Access - Device users access resources without granting admins permissions on their devices. The app is
available to devices no matter their managed status.

Native Apps
Deploy native apps through the unified app catalog from Workspace ONE UEM. Native apps include internally developed
apps, free and paid public apps, and purchased apps from Apple's Volume Purchase Program (VPP). Most native apps
can deploy as managed or open access to meet device ownership models.

Self Service Access to Non-Native Apps


Users can select virtual and web (or SaaS) apps through the catalog depending on their needs. If the app is available, they
do not have to requisition it. These types of non-native apps depend on an Internet connection and are not restricted by
platform.
Workspace ONE supports several platform agnostic app types such as virtual apps, Citrix apps, and web apps.
l Virtual Apps - Virtual apps can reside in a data center and you access them from virtual desktops. Virtual apps are
advantageous because they are persistent. If a device fails, the app data still exists in the data center.
If you have existing VMware Horizon and Citrix virtual apps, deploy them to non-virtual devices by integrating these
resources with virtual apps collections in VMware Identity Manager. Then deploy them to devices through the
Workspace ONE catalog.

l SaaS/Web Apps - Web or SaaS apps live in the cloud and users access them by URL. Upload web apps through
VMware Identity Manager and SaaS apps through Workspace ONE UEM.

VMware Workspace ONE Overview and Documentation Reference Guide | v.2018.09 | September 2018
Copyright © 2018 VMware, Inc. All rights reserved.

12
App Access and Management Content
Find technical documentation for configuring app access and management resources.
Component Documentation
Access Through Devices
Workspace ONE l Direct Enrollment in AirWatch Using Workspace ONE
UEM Direct https://docs.vmware.com/en/VMware-Workspace-ONE/services/WS1-IDM-
Enrollment deploymentguide/GUID-47B41EEB-B421-44CD-85D6-FDD2B74574F5.html

l Workspace ONE Direct Enrollment


https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/9.7/vmware-airwatch-guides-
97/GUID-AW97-WorkspaceONE_DirectEnrollment.html
Virtual Desktops l Setting Up Virtual Desktops in Horizon 7
https://docs.vmware.com/en/VMware-Horizon-7/7.6/horizon-virtual-desktops/GUID-
69AACA49-CF5E-4B55-99BF-BFE4DFBDE7CE.html

l Setting Up Horizon 7 for Linux Desktops


https://docs.vmware.com/en/VMware-Horizon-7/7.6/linux-desktops-setup/GUID-E6825232-
3188-4507-B757-0CF743047282.html

Apps
Unified App l Migrating VMware AirWatch Catalog to Workspace ONE Catalog
Catalog https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/9.7/vmware-airwatch-guides-
97/GUID-AW97-AppCat_MigratingAppCat_to_WS1Cat.html

l Enable Workspace ONE Catalog for Workspace ONE


https://docs.vmware.com/en/VMware-Workspace-ONE/services/WS1-IDM-
deploymentguide/GUID-05AF662D-F0A1-4475-A3DE-91C5CD9992B2.html

l Using the Workspace ONE Catalog


https://docs.vmware.com/en/VMware-Workspace-ONE/services/WS1-IDM-
deploymentguide/GUID-7FB9D8F2-7C39-448C-8C39-07B7D5C0B4E3.html
Open Access Workspace ONE UEM Applications and the Workspace ONE Managed Access Feature
and Managed https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/9.7/vmware-airwatch-guides-
Access of Apps 97/GUID-AW97-WS1_ManageOrNot_Reasons.html

VMware Workspace ONE Overview and Documentation Reference Guide | v.2018.09 | September 2018
Copyright © 2018 VMware, Inc. All rights reserved.

13
Component Documentation
Native Apps - l Add Public Applications from an App Store
Public, Internal, https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/9.7/vmware-airwatch-guides-
and Purchased 97/GUID-AW97-Config_Public_Apps_WS1.html

l Add and Deploy Internal Applications as a Local File


https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/9.7/vmware-airwatch-guides-
97/GUID-AW97-Config_Internal_Apps_Local.html

l Supported Content for Purchased Applications


https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/9.7/vmware-airwatch-guides-
97/GUID-AW97-VPP_Supported.html
Web Apps l Providing Access to Web Applications
SaaS Apps https://docs.vmware.com/en/VMware-Identity-Manager/services/com.vmware.wsair-
resource/GUID-57B66680-A118-47DD-B3A3-81EAD6D6CAA7.html

l SaaS Applications in Workspace ONE UEM


https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/9.7/vmware-airwatch-guides-
97/GUID-AW97-SaaS_Concept.html
Virtual Apps Using Virtual Apps Collections for Desktop Integrations
https://docs.vmware.com/en/VMware-Identity-Manager/services/com.vmware.wsair-
resource/GUID-577D4812-0206-4DFC-B510-24C3D304AD6D.html

VMware Workspace ONE Overview and Documentation Reference Guide | v.2018.09 | September 2018
Copyright © 2018 VMware, Inc. All rights reserved.

14
Chapter 4:
Mobile SSO for App Access and
Management
Mobile SSO works with apps that are accessed from the cloud. To enable one touch access, use Security Assertion
Markup Language (SAML) to authenticate a user between the identity provider and the service provider in the cloud. As
long as the device accessing the app has a live Workspace ONE app connection, the user does not need to authenticate
to use the app.
Workspace ONE offers mobile SSO for iOS and Android resources.
l iOS - Uses a key distribution center (KDC) without the use of a connector or a third-party system. Kerberos
authentication provides users, who are successfully signed in to their domain, access to their Workspace ONE apps
portal without additional credential prompts.

l Android - Uses certificate authentication and the VMware Tunnel mobile app. The VMware Tunnel client is
configured to access the VMware Identity Manager service for authentication. The tunnel client uses the client
certificate to establish a mutually authenticated SSL session and the VMware Identity Manager service retrieves the
client certificate for authentication.

VMware Workspace ONE Overview and Documentation Reference Guide | v.2018.09 | September 2018
Copyright © 2018 VMware, Inc. All rights reserved.

15
Mobile SSO Content
Find technical documentation for configuring mobile SSO.
Component Documentation
Mobile SSO Configuring Mobile Single Sign-On
Wizard in https://docs.vmware.com/en/VMware-Workspace-ONE/services/ws1_quickconguration/GUID-
Workspace ONE 1506363B-02BA-470A-ACE3-56FB75B5C53A.html
UEM
Mobile SSO for Implementing Mobile Single Sign-in Authentication for Workspace ONE UEM-Managed iOS Devices
iOS https://docs.vmware.com/en/VMware-Workspace-ONE/services/WS1-IDM-
deploymentguide/GUID-3EC86F69-6F6E-4C48-A5D9-F319562B6B9C.html
Mobile SSO for Implementing Mobile Single Sign-On Authentication for Workspace ONE UEM Managed Android
Android Devices
https://docs.vmware.com/en/VMware-Workspace-ONE/services/WS1_android_sso_config/GUID-
1E5128A5-1394-4A50-8098-947780E38166.html

VMware Workspace ONE Overview and Documentation Reference Guide | v.2018.09 | September 2018
Copyright © 2018 VMware, Inc. All rights reserved.

16
Chapter 5:
Unified Endpoint Management
Workspace ONE enables you to manage endpoints while still providing privacy by controlling the collection of data. It
also enables the transition from the legacy management of Windows resources to the modern management of Windows
10.

Device Management and Privacy


Manage Android, iOS, macOS, and Windows Desktop devices from a single location in the Workspace ONE UEM console.
Perform functions on a particular set of devices using many different screens in the console. The console offers various
management screens including the Hub, device dashboards, device list views, and device detail views.
Offer end-user privacy while also managing corporate-owned resources with privacy settings in Workspace ONE UEM.
Privacy settings provide granular control over what data is collected from users and what collected data is viewable by
admins.

Modern Management for Windows 10


Modern Windows management for Windows 10 updates the deployment, control, and management of Windows
Desktop devices. In the traditional management of Windows resources, admins need multiple tools to deploy and
manage resources. However, with modern management, admins can work from one location in Workspace ONE.
Modern methods for Windows management update these processes.
l Enrollment - Select from several ways to enroll Windows 10 devices when you integrate your Active Directory (AD)
system. Workspace ONE UEM supports enrollment through Azure AD, Out of Box, and Office 365 Apps.
Workspace ONE supports the auto-enrollment of specific Windows Desktop devices purchased from Dell. Auto-
enrollment simplifies the enrollment process by automatically enrolling registered devices following the Out-of-Box-
Experience.

l Provisioning - Use device profiles to provision and configure Windows Desktop devices to meet business needs.
Some useful profiles are listed.

VMware Workspace ONE Overview and Documentation Reference Guide | v.2018.09 | September 2018
Copyright © 2018 VMware, Inc. All rights reserved.

17
Chapter 5: Unified Endpoint Management

o Encryption - Secures data on devices by working with the native BitLocker encryption policy.
o Wi-Fi - Connects devices to hidden, encrypted, or password-protected networks.
o VPN - Provide remote and secure access to internal networks.

l App Distribution - Distribute Win32 apps with the software distribution or the peer distribution features. These
features enable the distribution of large apps along with their complex installation requirements from the Workspace
ONE UEM console.
Software distribution offers management of the app lifecycle that includes add, configure, deploy, track, update and
version, and delete from the console.
Peer distribution offers the same management capabilities but reduces the traffic on communication channels and
the time to download and install.

l Patches and Updates - Use the Windows Updates profile to ensure that Windows 10 devices remain up to date.

VMware Workspace ONE Overview and Documentation Reference Guide | v.2018.09 | September 2018
Copyright © 2018 VMware, Inc. All rights reserved.

18
Chapter 5: Unified Endpoint Management

Unified Endpoint Management Content


Find technical documentation and technical marketing content about unified endpoint management.
Component Documentation
Device Management and Privacy
Device Management, General Managing Devices
https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/9.7/vmware-airwatch-
guides-97/GUID-AW97-ManagingDevicesOverview.html
Device Management, By Device Management (By Platform)
Platform https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/9.7/vmware-airwatch-
guides-97/GUID-AW97-Advanced_Dev_Mgmt_Overview.html
Privacy Settings for Devices Configure Privacy Settings
https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/9.7/vmware-airwatch-
guides-97/GUID-AW97-ConfigurePrivacySettings.html
Modern Management of Windows 10
Windows 10 Management in l Reviewer's Guide for Windows 10 Unified Endpoint Management in AirWatch
Workspace ONE UEM https://techzone.vmware.com/resource/reviewers-guide-windows-10-unified-
endpoint-management-airwatch

l Experience Workspace ONE on Windows 10


https://kb.vmtestdrive.com/hc/en-us/articles/360001152734-Experience-
Workspace-ONE-on-Windows-10

l Operational Tutorial for VMware Workspace ONE: Moving Windows 10 to Modern


Management
https://techzone.vmware.com/operational-tutorial-vmware-workspace-one-uem-
moving-windows-10-modern-management
Enrollment l Enrollment Through Azure AD Integration
https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/9.7/vmware-
airwatch-guides-97/GUID-AW97-Enroll_Cloud.html

l Enabling the Out of Box Experience for Workspace ONE on Dell Windows 10 Devices
https://docs.vmware.com/en/VMware-Workspace-ONE/services/aw-vidm-
ws1integration-/GUID-00695A55-D710-4878-B59A-5BF95AFF5BDF.html

VMware Workspace ONE Overview and Documentation Reference Guide | v.2018.09 | September 2018
Copyright © 2018 VMware, Inc. All rights reserved.

19
Chapter 5: Unified Endpoint Management

Component Documentation
Provisioning l Configure a Wi-Fi Profile (Windows Desktop)
https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/9.7/vmware-
airwatch-guides-97/GUID-AW97-Profile_WiFiConfigWD.html

l VPN Profile (Windows Desktop)


https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/9.7/vmware-
airwatch-guides-97/GUID-AW97-Profile_VPNOverviewWD.html

l Encryption Profile (Windows Desktop)


https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/9.7/vmware-
airwatch-guides-97/GUID-AW97-Profile_EncryptOverviewWD.html
App Distribution l Peer Distribution for Win32 Applications
https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/9.7/vmware-
airwatch-guides-97/GUID-AW97-P2P_Dist_Opt.html

l Distribution of Win32 Applications


https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/9.7/vmware-
airwatch-guides-97/GUID-AW97-Win32_SofDist_Dscrptn.html
Patches and Updates Configure a Windows Updates Profile (Windows Desktop)
https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/9.7/vmware-airwatch-
guides-97/GUID-AW97-Profile_WAU_ConfigWD.html

VMware Workspace ONE Overview and Documentation Reference Guide | v.2018.09 | September 2018
Copyright © 2018 VMware, Inc. All rights reserved.

20
Chapter 6:
Conditional Access
Workspace ONE offers many conditional access options. Use VMware Identity Manager as your identity provider (IDP) or
use a third-party identity provider to offer the level of authentication that is best for the device, user, and app.
Use more than one method for extra control. For example you can set access policies at the app level, set compliance
policies at the device level, and use VMware Tunnel to secure the connection between the app and the device.

Access Policies and Compliance Policies


Access policies for web (SaaS) apps include rules that specify criteria to meet for access. Criteria include network ranges,
device types, authentication methods, and session lengths. Configure these policies in VMware Identity Manager or in
Workspace ONE UEM.
The compliance engine in Workspace ONE UEM secures apps and devices and can prevent compromised resources from
accessing your network.

VMware Tunnel
The VMware Tunnel provides a secure method for individual apps to access corporate resources. It authenticates and
encrypts traffic from individual apps on compliant devices to the back-end system they are trying to reach.

Note: For this method to work, devices must be managed by Workspace ONE UEM.

Certificate Based Authentication (CBA)


Certificate based authentication (CBA) requires a certificate from the user to establish trust and allow access to apps. To
use this option, ensure that the app supports CBA for the desired platform. Workspace ONE UEM supports numerous
certificate authorities as does VMware Identity Manager.

VMware Workspace ONE Overview and Documentation Reference Guide | v.2018.09 | September 2018
Copyright © 2018 VMware, Inc. All rights reserved.

21
Conditional Access Content
Find technical documentation for configuring conditional access.
Component Documentation
Policies
Access Policies l Use Access Policies with SaaS Applications
https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/9.7/vmware-airwatch-
guides-97/GUID-AW97-Access_Policy_Concept.html

l Managing Access Policies


https://docs.vmware.com/en/VMware-Identity-Manager/services/idm-administrator_
aw/GUID-92481E64-0CFF-43DD-9C0B-458BC3322A6A.html

l Configure Workspace ONE Access Policies in Horizon Administrator


https://docs.vmware.com/en/VMware-Horizon-7/7.6/horizon-administration/GUID-
8A0749AB-42C2-4B3E-920A-21C80A2CB269.html

l Considerations for Workspace ONE Mode


https://docs.vmware.com/en/VMware-Horizon-7/7.6/horizon-cloud-pod-
architecture/GUID-848E758D-297B-4FD0-B0DE-489501039786.html

VMware Workspace ONE Overview and Documentation Reference Guide | v.2018.09 | September 2018
Copyright © 2018 VMware, Inc. All rights reserved.

22
Chapter 6: Conditional Access

Component Documentation
Compliance Policies l Enabling Compliance Checking for Workspace ONE UEM Managed Devices
https://docs.vmware.com/en/VMware-Workspace-ONE/services/WS1-IDM-
deploymentguide/GUID-EF834B6D-C3EC-48BA-B38D-1574F7E4B773.html

l Compliance Policies
https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/9.7/vmware-airwatch-
guides-97/GUID-AW97-CompliancePoliciesOverview.html

l Email Compliance Policies


https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/9.7/vmware-airwatch-
guides-97/GUID-AW97-Email-Policies.html

l Compliance for Mobile Application Management


https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/9.7/vmware-airwatch-
guides-97/GUID-AW97-MAM_Compliance.html

l Configure the Health Attestation for Windows Desktop Compliance Policies


https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/9.7/vmware-airwatch-
guides-97/GUID-AW97-Compliance_HealthAttest.html

VMware Tunnel
VMware Tunnel Introduction to VMware Tunnel
https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/9.7/vmware-airwatch-
guides-97/GUID-AW97-Tunnel_Introduction.html
Certificate Based Authentication (CBA)
CBA Support in Supported Certificate Authorities
Workspace ONE UEM https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/9.7/vmware-airwatch-
guides-97/GUID-AW97-Cert-Management-Splash.html
CBA Support in VMware Configuring a Certificate or Smart Card Adapter for Use with VMware Identity Manager
Identity Manager https://docs.vmware.com/en/VMware-Identity-Manager/services/idm-administrator_
aw/GUID-5E0247E4-BA40-4266-8888-F748D8E2B728.html

VMware Workspace ONE Overview and Documentation Reference Guide | v.2018.09 | September 2018
Copyright © 2018 VMware, Inc. All rights reserved.

23
Chapter 7:
Identity Providers for Conditional Access
Use VMware Identity Manager or integrate with third-party identity providers to configure conditional access for your
Workspace ONE deployment.

VMware Identity Manager as the Identity Provider (IDP)


VMware Identity Manager can act as the identity provider service using your existing Active Directory infrastructure.

Third-Party Identity Providers


If you already use an identity provider, integrate it with VMware Identity Manager or Workspace ONE UEM and use it to
secure access to resources in Workspace ONE.
You can integrate several IDPs with Workspace ONE that include, but are not limited to the following list.
l Active Directory Federation Service (ADFS)

l AzureAD Identity Services

l Okta

l OneLogin

l PingFederate

VMware Workspace ONE Overview and Documentation Reference Guide | v.2018.09 | September 2018
Copyright © 2018 VMware, Inc. All rights reserved.

24
Identity Provider Content
Find technical documentation and technical notes for integrating third-party identity providers.

Note: This topic references content from https://communities.vmware.com/blogs/identityville. The content on this
site is sourced from the field and not from research and development. It might be aged or out-of-date from the latest
released products and solutions.

Component Documentation
Identity Providers (General)
Third-Party Identity l Configuring a Third-Party Identity Provider Instance to Authenticate Users
Providers https://docs.vmware.com/en/VMware-Identity-Manager/services/idm-administrator_
aw/GUID-C04AED8C-0D84-4DA6-A6DA-8DCBC8341E6E.html

l Providing Access to Third-Party Managed Applications in Workspace ONE


https://docs.vmware.com/en/VMware-Identity-Manager/services/com.vmware.wsair-
resource/GUID-EE0BCFF6-1B37-42CF-A881-DFC1EF24E9DA.html

l VMware Workspace ONE Integration with Third Party Identity Providers


https://communities.vmware.com/blogs/identityville/2017/01/03/vmware-workspace-
one-integration-with-third-party-identity-providers

l EUC CST Tech Notes - Setting Up a 3rd Party IdP in VMware Identity Manager
https://communities.vmware.com/docs/DOC-34295

Identity Provider (Native to Workspace ONE)


VMware Identity l Configuring User Authentication in VMware Identity Manager
Manager as the Identity https://docs.vmware.com/en/VMware-Identity-Manager/services/idm-administrator_
Provider aw/GUID-04224060-D467-4DE0-BB08-B21E0AA9817D.html

l VMware Identity Manager REST API documentation


For OAuth2 and Open ID Connect (OIDC) for Mobile Apps
https://code.vmware.com/apis/57/idm

Identity Providers (Specific)


Active Directory VMware Identity Manager and AD FS Integration – VMware Identity Manger as claims
Federation Service provider for mobile authentication
(ADFS) https://communities.vmware.com/blogs/identityville/2017/04/20/vmware-identity-
manager-and-ad-fs-30-integration-vmware-identity-manger-as-claims-provider-for-mobile-
authentication

VMware Workspace ONE Overview and Documentation Reference Guide | v.2018.09 | September 2018
Copyright © 2018 VMware, Inc. All rights reserved.

25
Component Documentation
Azure AD Identity Configure Azure AD Identity Services Integration
Services (Workspace https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/9.7/vmware-airwatch-guides-
ONE UEM) 97/GUID-AW97-Enroll_ConfigAADServices.html
Okta Integrating VMware Workspace ONE with Okta
https://docs.vmware.com/en/VMware-Workspace-ONE/services/workspaceone_okta_
integration/GUID-3CA49953-A8F6-491D-90DF-63588EFC3292.html
OneLogin OneLogin as Federated Identity Provider for VMware Identity Manager
https://communities.vmware.com/blogs/identityville/2016/12/16/onelogin-as-federated-
identity-provider-for-vmware-identity-manager
PingFederate PingFederate as Identity Provider for VMware Identity Manager
https://communities.vmware.com/blogs/identityville/2016/12/22/pingfederate-as-identity-
provider-for-vmware-identity-manager

VMware Workspace ONE Overview and Documentation Reference Guide | v.2018.09 | September 2018
Copyright © 2018 VMware, Inc. All rights reserved.

26
Chapter 8:
Enterprise Productivity
Workspace ONE has several solutions to enable business productivity that are built on the Workspace ONE framework.
Workspace ONE can secure email content, manage Internet browsing, help deploy and secure content, and offer a
software development kit (SDK) to customize internal applications.

Secure Email
Workspace ONE can help secure data in Outlook and Office 365 with data loss prevention (restrictions) policies in the
Workspace ONE UEM console.
Workspace ONE can also enable legacy authentication for Office 365 email clients that use Exchange ActiveSync. Many
organizations choose this path because Exchange ActiveSync clients do not download the user’s entire mailbox, reducing
the risk of data loss.

Productivity Apps
VMware offers several apps for enterprise productivity to deploy through Workspace ONE.
l VMware Boxer - This app provides access to enterprise email, calendar, and contacts across corporate-owned
devices and bring-your-own devices (BYOD). Boxer uses SSL certificates to transmit data and uses AES 256-bit
encryption for data and attachments.

l VMware Browser - This app is an alternative to native browsers. It enables admins to control and secure Internet
browsing behaviors. Browser uses AES 256-bit encryption for streaming, browsing settings, and downloaded files.

l VMware Content Locker - This app enables users to access managed resources deployed to their device. Content
Locker uses SSL certificates to transmit data, AES 256-bit encryption for content deployed in the app, and it uses
NSFileProtectionComplete for iOS.

SDK for Android and iOS


Use the Workspace ONE SDK for Android and iOS to customize internal applications, and add unified endpoint
management features built on the Workspace ONE framework.

VMware Workspace ONE Overview and Documentation Reference Guide | v.2018.09 | September 2018
Copyright © 2018 VMware, Inc. All rights reserved.

27
Enterprise Productivity Content
Find technical documentation for enabling enterprise productivity.
Component Documentation
Profiles and Policies
Data Loss Prevention l Configure Data Loss Prevention for the Default SDK Profile
(Restrictions in https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/9.7/vmware-airwatch-
Workspace ONE UEM) guides-97/GUID-AW97-DLP_Configure.html

l Enforce Restrictions (Android)


https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/9.7/vmware-airwatch-
guides-97/GUID-AW97-AFWProfile_Restrictions.html

l Restrictions Profile Overview (Android (Legacy))


https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/9.7/vmware-airwatch-
guides-97/GUID-AW97-restrictions_reference.html

l Device Restriction Profiles for iOS


https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/9.7/vmware-airwatch-
guides-97/GUID-AW97-iOS_Profile_Restrictions_Concept.html

l Configure a Restrictions Profile (macOS)


https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/9.7/vmware-airwatch-
guides-97/GUID-AW97-MacProfileRestrictions.html

l Configure a Restrictions Payload (Windows Desktop)


https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/9.7/vmware-airwatch-
guides-97/GUID-AW97-Profile_RestrictionsConfigWD.html
Client Access Policies l VMware Identity Manager Integration with Office 365
https://www.vmware.com/pdf/vidm-office365-saml.pdf

l Add Office 365 Applications with a Client Access Policy


https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/9.7/vmware-airwatch-
guides-97/GUID-AW97-SaaS_O365_ClientAccessPlcy.html

VMware Workspace ONE Overview and Documentation Reference Guide | v.2018.09 | September 2018
Copyright © 2018 VMware, Inc. All rights reserved.

28
Chapter 8: Enterprise Productivity

Component Documentation
Productivity Apps
VMware Boxer l Introduction to VMware Boxer
https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/9.7/vmware-airwatch-
guides-97/GUID-AW97-Boxer_Introduction.html

l Introduction to Mobile Flows


https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/9.7/vmware-airwatch-
guides-97/GUID-AW97-MF_intro_OLH.html
VMware Browser Introduction to the VMware Browser
https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/9.7/vmware-airwatch-guides-
97/GUID-AW97-AWB_Introduction.html
VMware Content VMware Content Locker
Locker https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/9.7/vmware-airwatch-guides-
97/GUID-AW97-OverV_CL.html
SDK
Workspace ONE Dev Workspace ONE Dev Center
Center https://code.vmware.com/web/workspace-one
AirWatch SDK for AirWatch SDK for Android
Android https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/9.7/vmware-airwatch-guides-
97/GUID-AW97-SDK_Android.html
AirWatch SDK for iOS AirWatch SDK for iOS (Swift)
(Swift) https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/9.7/vmware-airwatch-guides-
97/GUID-AW97-SDK_iOS_Swift.html
AirWatch SDK for iOS VMware AirWatch iOS SDK Technical Implementation Guide
(Objective-C) https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/services/vmware_airwatch_
ios_sdk_technical_implementation_guide.pdf

VMware Workspace ONE Overview and Documentation Reference Guide | v.2018.09 | September 2018
Copyright © 2018 VMware, Inc. All rights reserved.

29

You might also like