Web SSO for Chrome with Workspace ONE

Web SSO Workspace ONE

So, you’ve enabled Workspace ONE for your organisation, you’re on your way to End User Nirvana. There’s just one thing in your way: the Username and Password field!

Workspace ONE is great at becoming a one stop shop for all Web, Native and Virtual Applications, leaving your users with just one password to remember. But… what if that could be a thing of the past! 

On a Workspace ONE Managed Device (macOS or Windows 10), your users can simply open their Browser of Choice (except Firefox, we’ll cover that later), et voilà. Logged in without a second thought.

Prerequisites

  • Workspace ONE Identity Manager
  • Workspace ONE UEM Console
  • A Certificate Authority configured within Workspace ONE UEM to issue user certificates

macOS – Chrome

To enable the selection of the User certificate within Chrome, we need to configure the AutoSelectCertificateForUrls policy. This can be achieved with the below Custom XML.

Points to change:

  • pattern: the CAS URL for your Identity Manager tenant. In this example, it’s https://cas.vidmpreview.com/
  • filter: the ISSUER should be the Issuer name of your CA. Something like “Company Issuing CA”.

Leave everything else default.

<dict>
    <key>AutoSelectCertificateForUrls</key>
    <array>
        <string>{"pattern":"https://cas.vidmpreview.com/","filter":{"ISSUER":{"CN":"your-domain-AD01-CA"}}}</string>
    </array>
    <key>PayloadDisplayName</key>
    <string>Google Chrome Settings</string>
    <key>PayloadEnabled</key>
    <true/>
    <key>PayloadIdentifier</key>
    <string>com.google.Chrome.4F720473-6832-4CE0-A895-E9C3FC6F8CBD</string>
    <key>PayloadType</key>
    <string>com.google.Chrome</string>
    <key>PayloadUUID</key>
    <string>4F720473-6832-4CE0-A895-E9C3FC6F8CBD</string>
    <key>PayloadVersion</key>
    <integer>1</integer>
</dict>
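Before pushing the profile, it is worth linting the policy string, because a pasted curly quote makes the JSON invalid and an empty filter or wildcard pattern widens which sites get the user certificate. The following is an added example, not part of the original post or of Workspace ONE: the function names, the sample fragments and the "one explicit https origin" rule are assumptions made here for illustration.

```python
import json
import plistlib

def fragment_for(entry):
    """Build a minimal Custom XML <dict> around one policy string (hypothetical helper)."""
    return ("<dict><key>AutoSelectCertificateForUrls</key><array><string>"
            + entry + "</string></array></dict>")

# Constructed samples: the page's rule, the same rule with a pasted curly
# quote, and an over-broad rule with no issuer filter.
GOOD = fragment_for('{"pattern":"https://cas.vidmpreview.com/",'
                    '"filter":{"ISSUER":{"CN":"your-domain-AD01-CA"}}}')
CURLY = GOOD.replace('"CN":"', '"CN":\u201d')
BROAD = fragment_for('{"pattern":"*","filter":{}}')

def audit_autoselect(fragment):
    """Return a list of findings; an empty list means the entries look sane."""
    # The Custom XML is a bare <dict>; wrap it so plistlib can parse it.
    doc = ('<?xml version="1.0" encoding="UTF-8"?><plist version="1.0">'
           + fragment + "</plist>")
    payload = plistlib.loads(doc.encode("utf-8"))
    entries = payload.get("AutoSelectCertificateForUrls", [])
    if not entries:
        return ["policy key missing or empty"]
    findings = []
    for i, raw in enumerate(entries):
        try:
            rule = json.loads(raw)
        except json.JSONDecodeError as exc:
            # Typical cause: typographic quotes copied from a web page.
            findings.append(f"entry {i}: not valid JSON ({exc.msg})")
            continue
        if not isinstance(rule, dict):
            findings.append(f"entry {i}: expected a JSON object")
            continue
        pattern = rule.get("pattern", "")
        # Assumed house rule: the certificate goes to one named https origin only.
        if not pattern.startswith("https://") or "*" in pattern:
            findings.append(f"entry {i}: pattern {pattern!r} is not one explicit https origin")
        issuer_cn = rule.get("filter", {}).get("ISSUER", {}).get("CN", "")
        if not issuer_cn:
            # Chrome treats an empty filter as "no restriction on the certificate".
            findings.append(f"entry {i}: no ISSUER CN filter, any client certificate may be selected")
    return findings

if __name__ == "__main__":
    for name, sample in (("GOOD", GOOD), ("CURLY", CURLY), ("BROAD", BROAD)):
        print(name, audit_autoselect(sample))
```

After the profile installs, chrome://policy should show the same pattern and issuer CN that passed this check.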

Extra! Windows 10 – Chrome

Details provided by the Legendary Charlie Hodge, EUCSE Blog: https://blog.eucse.com/windows-10-true-sso-using-chrome/

Further Resources

WorkspaceONE UEM Integration with Microsoft ADCS via DCOM

Chrome troubleshooting: chrome://policy

IDM – Activity Reports


Enable Workspace ONE Intelligent Hub for SaaS and Native Apps

If you’ve upgraded to Workspace ONE UEM 18.10 and you have anybody enrolled with the AirWatch Agent, you won’t fail to see the new Intelligent Hub app and Hub Services configuration.

Intelligent Hub is an overhaul of the AirWatch Agent to deliver full Unified App Catalog features, allowing the Hub to be the one stop shop for users to access any app on any device. The app also allows Administrators to deliver notifications to end users.

If you are an end to end Workspace ONE user, integrating UEM (Unified Endpoint Management, powered by AirWatch) with VMware Identity Manager, you’ll probably want to deliver your SaaS Apps as well as Native applications.
