How to configure Aiwatch 6+ with Aruba Policy Manager 6.2+


This software is designed to manage all devices connecting and connected to a network by integrating with a RADIUS server.

It can allow/deny access, manage network rules, authentication, and SSO as well to push configuration and apps to smart devices within the network.

AirWatch provides information on devices and their management state. Aruba Policy Manager is able to use this information and apply rules and policies to the device.Simple cases include denying access to non managed device or to redirect any non managed device to the enrollment page.The REST API information is quite extensive so advanced rules and operations can be designed.


  • Airwatch 6+
  • Aruba Policy Manager 6.2+

Configuration in AirWatch

AirWatch information to setup and know for the Aruba client:

  1. REST API key
  2. Authentication type
  3. API server URL
  4. Admin user credentials

AirWatch console Setup:

  1. Go to: System / Advanced / API / REST tab general, select Enable API Access
  2. Go to: System / Advanced / API / REST tab authentication, check only Basic
  3. API server URL: e.g.
  4. Create an administrator Role and Account that will be used only for communicating with Aruba
    1. Role needs to have: all the options for REST API MDM + SOAP API
    2. Administrative account that will be part of the above role

Configuration in Aruba

Aruba console Setup:

Go to Administration\\External Servers\\Endpoint Context Servers

Enter the following information

  1. MDM Vendor: airwatch
  2. API server URL
  3. AirWatch Admin Username
  4. AirWatch Admin Password *2
  5. Update frequency (default: 60 minutes)
  6. Rest API key

Verification of Integration

The following steps are showing two ways to verify if Aruba Policy Manager is properly reading information form AirWatch


  1. Go to Aruba Policy Manager go to Monitoring\\Live Monitoring\\Access Tracker
    1. This will display the list of devices that are currently connected to the Aruba Radius.
  2. Click on the IP address of the device to inspect
  3. Go to the Input tab and scroll down to the bottom
    1. Example of a non managed device; no Endpoint tags
    1. Example of a device managed by Airwatch; notice the Endpoint tags


  1. Finding the device

Go to Aruba Policy Manager go to Configuration\\Identity\\Endpoints

This will display the list of devices that are managed by the Aruba Radius by MAC address.


  1. Viewing the information
Click on a device that you know is managed by AW and in the attributes; the AW information will be listed along with information that Aruba picks up automatically.

Using the information from AirWatch in Aruba Policy Manager

In order to use the data provided by AirWatch, appropriate policies need to be setup.

  1. Go to Aruba Policy Manager go to Configuration\\Enforcement\\Policies
  2. Create or modify an existing policy.
  3. Go to the tab Rules
  4. In the Conditions section, for example select:
    1. Type: Endpoint (this will bring the AirWatch data)
    2. Name: MDM Enabled (aka Enrolled; scroll to the bottom of the drop-down to find the parameters provided by AirWatch)
    3. Operator: e.g. NOT_EQUALS
    4. Value: e.g. Enrolled (note that this value may be pre-populated from AirWatch)
5. Select the Enforcement Profile (this is the action performed when all the conditions are met)
Have more questions? Submit a request


Article is closed for comments.