We finally have the support in Workspace ONE Access for the FIDO2 hardware access tokens. It is pretty easy to set it up and use. No major roadblocks, if you have a hardware key you can test it by yourself.

I got a question from a customer if they can leverage VMware’s MFA technology (Verify) to secure access to their Office 365 environment. Which of course they can, but they were even more curious if they can do it without the Azure Active Directory P1 license. And the answer is again yes.

What the customer needs to do is to federate the authentication of their O365 environment to Workspace ONE Access tenant and then they can leverage the great conditional access we have (including MFA) to secure their environment.

I thought that it would be a good example to show them, how simple and quick it is to federate a blank O365 tenant with Workspace Access.

In my next post about Workspace ONE Access, I would like to finally move away from using passwords and change it to something more secure and way more convenient for the employees. I am talking about certificate-based authentication.

I think I will continue the trend I started in the last post (about Windows 10 OOBE) and show you a short video about the look and feel of the result.

You haven’t seen any rocket science video, but it’s pretty cool, that we have just eliminated passwords from the login process. The employee is prompted for a certificate, which in this case was automatically requested for him during the enrollment using our device management solution Workspace ONE UEM. 

So far we have been adding more and more applications into the portal, but in this post, we will focus on adding security – specifically 2FA authentification.

VMware has its own solution called VMware Verify, which is part of every edition of Workspace ONE and also Horizon Advanced and higher so let’s focus on that today, but of course, you can use any other 2FA solution over RADIUS.

I will continue by adding more application sources into our unified application portal. In the last post, we successfully added our first SaaS application (the SAML integration of Salesforce app), now it’s time to bring in virtual application and desktop. Specifically, I will work on the VMware Horizon platform, but keep in mind that Workspace ONE Access can integrate with Citrix platform too.

I am continuing with this lovely series about Workspace ONE Access. So far we have been able to install the connector and integrate with the Active Directory. But if you actually log in as a domain user, you might be disappointed, because there is nothing to do with Workspace ONE Access.

There are no applications. Yet. Let’s fix that in this blog post and add a simple SaaS application – Salesforce.

I started this series about Workspace ONE Access almost a year ago. To be honest, there was not a lot of posts regarding this topic so far… And I finally had time to update the previous article about the Identity Manager Connector installation.

With that said we can now move forward and leverage that connector for Active Directory integration. After that, we will be able to build on top of it and integrate with Horizon, use MFA (VMware Verify) or add 3rd party SaaS applications.

Recently I am doing a lot of proof of concepts for VMware Workspace ONE running as SaaS in our cloud and it always starts with a question – “What do I need to prepare on my side?”. To simplify my life, I decided to write this post, which should summarize all the requirements to get everything up and running.

My idea is to slowly over time expand this post and provide also nice installation instructions, so it will be extremely easy for anyone to test our Workspace ONE trial environment.

Let’s assume you have a freshly installed on-premise installation of VMware Identity Manager or you have a newly created tenant in vIDM Workspace ONE Access SaaS infrastructure. There is not much this poor appliance can do at this point, right?

You will need to integrate it with some parts of your infrastructure to make it do useful things like Unified Catalog, SSO, Conditional Access, MFA, etc. In this series, I will show you all sorts of integrations and how you should configure them step by step.

The first integration you literally have to do, when you have SaaS vIDM Workspace ONE Access or you deployed your appliances in DMZ is to install a Connector and pair it with your vIDM Workspace ONE Access.

So what is a Connector (to be specific we are talking about the “VMware Identity Manager Connector”)?

VMware Identity Manager Connector provides organizations with the ability to integrate VMware Identity Manager Workspace ONE Access with their back-end enterprise systems.

Pretty obvious, huh? And those backend systems can be Active Directory, VMware Horizon, Citrix XenApp… But let’s start slowly. Let’s get the connector up and running.