AirWatch and VMware Workspace Portal Integration

The VMware Workspace Portal is a system that combines applications and data into a single space so users can access these enterprise resources on mobile devices and desktops.

If you use both the Workspace Portal and the AirWatch solution, your mobile environment uses separate app catalogs to access enterprise resources. Combine catalogs by integrating your Workspace Portal and the AirWatch App Catalog so that users can access various Workspace Portal resources through the AirWatch App Catalog.

System Requirements

You can use NAPPS with your AirWatch and VMware Workspace Portal deployments if you have  the following systems and applications:

  • AirWatch Admin Console v7.3+
  • VMware Horizon Workspace Suite v2.1+
  • Active Directory service with the same users

Important: Configure the integration of VMware Workspace Portal and AirWatch in an Organization Group that is the same or higher than the Organization Group that contains the Active Directory service.

  • AirWatch Browser 4.1+
  • AirWatch App Catalog
  • View Client 3.0+ to launch Desktop Pools and hosted applications

Note: Currently, accessing VMware Workspace Portal applications through the AirWatch Broswer using NAPPS works on only Apple iOS devices.

Integration Components

Integration of these two systems offers the benefits of resource allocation with VMware Workspace Portal and mobile device management with AirWatch.

To integrate, configure the following processes in AirWatch and in VMware Workspace Portal:

  • Configure VMware Workspace Portal to push applications to AirWatch managed devices through the AirWatch App Catalog and to open in the AirWatch Browser.
  • Configure AirWatch to use VMware Workspace Portal credentials for integrated authentication using the NAPPS process.

 

Configuring Communication

To configure communication between the VMware Workspace Portal and AirWatch, set the following options in both systems:

  • VMware Workspace Portal – Create an AirWatch client so AirWatch managed devices can access VMware Workspace Portal applications remotely on AirWatch managed devices.

    Note: You need the client ID and the secret created by this process to configure the AirWatch Admin Console system.
  • AirWatch Admin Console – Enter the VMware Workspace Portal client information and the host name so that the two systems can communicate.

Creating the Client in VMware Workspace Portal

Perform the following steps in the VMware Workspace Portal Console to add AirWatch as a client on the OAuth Client page. Adding AirWatch as a client enables AirWatch managed devices to view their VMware Workspace Portal apps.

  1. Log in to the VMware Workspace Portal Console.
  2. Navigate to Settings > Remote App Access.
  3. Select Create Client on the Clients page and complete the following options on the Create Client page:
    • Access Type – Select Service Client Token from the menu.
    • Client ID  – Enter a unique client ID for AirWatch. You use this same unique client ID in AirWatch, too.
    • Advanced – Configure the following settings:
    • Clear the Issue Refresh Token check box.
    • Edit the Access Token Time-To-Live if the 6 hour default setting does not meet your needs.
  4. Select Add.

VMware Workspace Portal lists AirWatch on the OAuth2 Client page. This page displays the generated shared secret, along with the unique client ID for AirWatch used when configuring the VMware Workspace Portal client in AirWatch.

Enabling Communication in AirWatch

Perform the following steps to add the unique client ID for AirWatch and the shared secret to the AirWatch Admin Console so that the VMware Workspace Portal and AirWatch can communicate.

Important: Configure integration in the Organization Group that contains the Active Directory settings, and if desired, you can configure integration lower in your Organization Group hierarchy. Do not configure integration in an Organization Group at a higher level than your Active Directory service.

image002.png

  1. Log in to the AirWatch Admin Console.
  2. Navigate to Groups &Settings > Settings  > Apps > Application Integration > Workspace Portal.
  3. Set the following options on the Workspace Portal page:
    • Client ID – Enter the unique client ID entered for AirWatch in the VMware Workspace Portal Console.
    • Client Secret – Enter the shared secret generated by creating the client in VMware Workspace Portal.
    • Host – Enter the host name for the VMware Workspace Portal system.
  4. Select the Test Connection option to ensure the VMware Workspace Portal system can reach AirWatch server.
  5. Save your settings.

Configuring Integrated Authentication With NAPPS

Use the following procedures to configure the use of the VMware Workspace Portal credentials to authenticate to the AirWatch Browser on their AirWatch managed devices.

  • VMware Workspace Portal – Create a client template to register a bundle of AirWatch applications with the VMware Workspace Portal system and to create remote access of VMware Workspace Portal applications through the AirWatch Browser. 
  • AirWatch Admin Console – Enable integrated authentication using the NAPPS system so users can authenticate to the VMware Workspace Portal through the AirWatch Browser using their VMware Workspace Portal  credentials.

    Note: For information on NAPPS, refer to the Native Applications Working Group, which at the time of posting, could be found here: http://openid.net/wg/napps/.

Configuring Remote App Access in VMware Workspace Portal

Perform the following steps in the VMware Workspace Portal Console to create the template that registers the AirWatch application bundle and allows remote access to VMware Workspace Portal applications through the AirWatch Browser.

 image003.png

  1. Log in to the VMware Workspace Portal Console.
  2. Navigate to Settings > Remote App Access.
  3. Select Templates and then choose Create Template to complete the following options:
    • Template Id – Enter the application bundle string AirWatchAZA-BundleId.
    • Scope – Select these check boxes, Email, Profile, User, and NAAPS (which selects OpenID by default).
    • Redirect URI – Enter airwatchaza://oauth2.
    • Refresh Token – Select this check box to enable and access token options.
    • Access Token TTL – Configure the lifespan of data exchanged through the token. When the end of life is reached, the system discards data. 
    • Refresh Token TTL – Configure when the refresh of the lifespan of data exchanged through the token occurs.
  4. Select Add.

Configuring Integrated Authentication in AirWatch

Perform the following steps to configure the use of the VMware Workspace Portal credentials to authenticate to the AirWatch App Catalog and access VMware Workspace Portal applications viewed using AirWatch Browser.

image004.png

  1. Log in to the AirWatch Admin Console.
  2. Navigate to Groups &Settings > Settings  > Settings And Policies > Security Policies.
  3. Enable Integrated Authentication and complete the following options:
    • Use NAPPS Authentication – Enable AirWatch to use NAPPS for authenticating to the integrated system
    • Authentication Server URL – Enter the URL for the VMware Workspace Portal system.
  4. Select Save.

Testing Integration

Test the integration between the VMware Workspace Portal system and AirWatch using this process.

  1. Enroll a device with AirWatch.
  2. Push the AirWatch App Catalog to the device using the AirWatch Admin Console.
  3. Open the AirWatch App Catalog on the device and install a VMware Workspace Portal application, which is located in the Web Applications section of the App Catalog.
  4. Launch the application on the device and ensure the application opens in the AirWatch Browser.

The system prompts for the VMware Workspace Portal credentials; however, after this initial prompt, other VMware Workspace Portal applications do not prompt for credentials, unless you configured a credential time out setting in the VMware Workspace Portal or the communication session expires. Also, device users may have to re-enter their credentials while launching Desktop Pools and hosted applications using View Client 3.0+.

Note: You can access AirWatch documentation that outlines enrolling devices (Mobile Device Management Guide) and explains the App Catalog (Mobile Application Management Guide), as well as other documentation on the Resources Portal. You need your AirWatch ID credentials to access this site.

Have more questions? Submit a request

0 Comments

Article is closed for comments.