Web SSO for Chrome with Workspace ONE

Web SSO Workspace ONE

So, you’ve enabled Workspace ONE for your organisation, you’re on your way to End User Nirvana. Theres just one thing in your way, the Username and Password field! 

Workspace ONE is great at becoming a one stop shop for all Web, Native and Virtual Applications, leaving your users with just one password to remember. But… what if that could be a thing of the past! 

On a Workspace ONE Managed Device (macOS or Windows 10), your users can simply open their Browser of Choice (except Firefox, we’ll cover that later), et voilà . Logged in without a second thought.  

Prerequisites

  • Workspace ONE Identity Manager
  • Workspace ONE UEM Console
  • A Certificate Authority configured within Workspace ONE UEM to issue user certificates

macOS – Chrome

To enable the selection of the User certificate within Chrome, we need to configure the AutoSelectCertificateForUrls policy. This can be achieved with the below Custom XML.

Points to change:

  • pattern: the CAS URL for your Identity Manager tenant. In this example, its https://cas.vidmpreview.com/
  • filter: The ISSUER: should be the Issuer name of your CA. Something like “Company Issuing CA“.

Leave everything else default.

<dict>
<key>AutoSelectCertificateForUrls</key>
<array>
 <string>{"pattern":"https://cas.vidmpreview.com/","filter":{"ISSUER":{"CN":”your-domain-AD01-CA"}}}</string>
</array>
<key>PayloadEnabled</key>
<true/>
            <key>PayloadDisplayName</key>
            <string>Google Chrome Settings</string>
            <key>PayloadEnabled</key>
            <true/>
            <key>PayloadIdentifier</key>
            <string>com.google.Chrome.4F720473-6832-4CE0-A895-E9C3FC6F8CBD</string>
            <key>PayloadType</key>
            <string>com.google.Chrome</string>
            <key>PayloadUUID</key>
            <string>4F720473-6832-4CE0-A895-E9C3FC6F8CBD</string>
            <key>PayloadVersion</key>
            <integer>1</integer>
</dict>

Extra! Windows 10 – Chrome

Details provided by the Legendary Charlie Hodge EUCSE Bloghttps://blog.eucse.com/windows-10-true-sso-using-chrome/ 

Further Resources

WorkspaceONE UEM Integration with Microsoft ADCS via DCOM

​Chrome troubleshooting: chrome://policy

IDM– Activity Reports


Enable Workspace ONE Intelligent Hub for SaaS and Native Apps

If you’ve upgraded to Workspace ONE UEM 18.10 and you have anybody enrolled with the AirWatch Agent, you wont fail to see the new Intelligent Hub app and Hub Services configuration.

Intelligent Hub is an overhaul of the AirWatch Agent to deliver a full Unified App Catalog features, allowing the Hub to be the one stop shop for users to access any app on any device. The app also allows Administrators to deliver notifications to end users.

If you are an end to end Workspace ONE user, integrating UEM (Unified Endpoint Management, powered by AirWatch) with VMware Identity Manager, you’ll probably want to deliver your SaaS Apps as well as Native applications.

Continue reading “Enable Workspace ONE Intelligent Hub for SaaS and Native Apps”

Easy access to Office 365 Apps from Workspace ONE

Providing access to applications as easy as possible is one of the primary goals of Workspace ONE. While Workspace ONE can enable Single Sign On to Office 365, I see most setups just deploying the main portal to Office 365.  One massive improvement we can make is to provide users with links directly to O365 services, such as OneDrive, Outlook and Excel Online by enabling one click links into these services.

Below is a step by step guide to get each service within Office 365 presented to end users via the Workspace ONE Catalog.

Continue reading “Easy access to Office 365 Apps from Workspace ONE”