In this quick walkthrough, we’re going to review how to access your own instance of Workspace ONE Access from TestDrive. In your Workspace ONE Access tenant, you will be able to make your own configurations and perform end to end testing.
Note: This tenant will not convert to production.
- Section 1: Accessing the Workspace ONE Access Sandbox via TestDrive
- Section 2: Admin Portal Feature Walkthrough
- Section 3: Resetting Tenant Admin Password
Before you Begin
In order to complete this demo please make sure you have the following:
- A valid account in the VMware TestDrive environment, sign up here if you don't
Background Info - Workspace ONE Access Overview
The Workspace ONE platform is comprised of Workspace ONE Access (previously known as VMware Identity Manager - vIDM) and Workspace ONE UEM (previously known as VMware AirWatch).
Workspace ONE Access is identity management for the mobile cloud era that delivers on consumer-simple expectations like one-touch access to nearly any app, from any device. Empower employees to get productive quickly with a self-service app store while giving IT a central place to manage user provisioning and access policy with enterprise-class directory integration, identity federation and user analytics. A few of the key features of Workspace ONE Access include:
- Self-Service Unified App Catalog - Now, employees can access all their applications regardless of type in one central app catalog across all their devices. This aggregates entitlements to applications, regardless of where those entitlements are managed and allows for provisioning to be user activated or automatic. The app catalog includes applications brokered through Workspace ONE UEM from the Google, Microsoft or Apple app stores, remotely hosted Windows apps entitled through Horizon or Horizon Air, remote Citrix apps, internal web apps, packaged Windows apps and more.
- Enterprise Single Sign On - Enable your employees to launch directly into the apps they need without requiring multiple sets of credentials or needing to continuously authenticate. Through Workspace ONE Access and Workspace ONE UEM a seamless Single Sign-On (SSO) experience can be achieved for web, mobile, SaaS, and legacy applications.
- Conditional Access Policies - Apply conditional access policies, denying or allowing access to individual apps, by user security group, network, and authentication strength.
In this sandbox you can configure your own Workspace ONE Access SaaS tenant. This tenant is only available to your account unless you create accounts for others. Your personal tenant will get deleted when your TestDrive account expires. These tenants are non-convertible to production.
Warning: Turning toggle switch in the TestDrive portal back to OFF after enabling the product will de-provision your tenant and all your data within your test tenant will be lost.
NOTE: Please avoid disabling the Workspace ONE Access tenant once provisioned as far as possible. If absolutely necessary, then give about 25-30 minutes after disabling the Workspace ONE Access Tenant before re-enabling again in order to let the tenant info get completely removed from the database. Failure to do so may result in your tenant being stuck at 'Disabling Product' state on the TestDrive Portal and would need admin action to fix.
Section 1: Accessing the Workspace ONE Access Sandbox via TestDrive
To get started navigate to the TestDrive Portal at portal.vmtestdrive.com. Log in with your TestDrive username and password.
Once you're logged in, scroll down to the Workspace ONE Access under the Sandbox Experience section. Toggle the switch to the right to enable the product. Once the switch turns green the product has been enabled.
By clicking the down arrow on the left side of the Workspace ONE Access tile, you can view your login credentials.
Click the Launch button. A new tab will open for the Workspace ONE user portal for your personal Workspace ONE Access instance. Log in using your Admin credentials from the previous step.
After logging in you'll see the catalog page which an end user would see. Note that the Catalog is empty, as no apps have been configured in your personal tenant yet. Let's navigate to the admin piece, so choose the dropdown next your your account in the top right.
Select "Administration Console".
Section 2: Admin Portal Feature Walkthrough
Now you're logged into the Workspace ONE Access Administrative Console. First, you'll land on the dashboard which provides analytics for your Workspace ONE Access deployment including top applications and login statistics.
Choose the "Catalog" tab at the top. Here you would see all apps that have been added to the Workspace ONE Access instance (Native mobile apps will not appear as those are added in the Workspace ONE UEM Admin Console). You can tag your apps so they appear in specific categories within the Workspace ONE catalog. Also, you can add an app by clicking "New" at the top left.
Click the "New" button. You can search for an application by name in the search bar. For this walkthrough, let's click the "or browse from catalog" link.
Next the cloud app catalog will load and you can choose any app your organization uses from the list.
Here we can modify how the app will appear in the Workspace ONE catalog to end users as well as define user entitlements, conditional access policies and your organization's tenant information for the app.
Next, lets take a deeper look at the policies which can be applied by app. Navigate to "Identity & Access Management" at the top and choose "Policies" from the grey bar. Here you'll see the default access policy. Choose "default_access_policy_set".
The details page for this policy will display. If this policy had been configured, you would see which apps this policy applies to as well as the primary and failover authentication methods for each device type.
Now let's see how to integrate Workspace ONE Access with Workspace ONE UEM (formerly VMware AirWatch). From the Administration Console, open the Identity and Access Management tab and click the Setup button at the top right.
Click AirWatch at the right end of the menu bar. Now you can configure the settings for this integration.
For more information on integrating Workspace ONE UEM with Workspace ONE Access, please reference https://docs.vmware.com/en/VMware-Workspace-ONE-Access/index.html
Section 3: Resetting Tenant Admin Password
If you need to reset your Workspace ONE Access Sandbox password at any point, you can do so by either of two methods. First, if a user resets their TestDrive AD password, the Workspace ONE Access tenant password will change too. Second, you can go to Settings within the Workspace ONE Access User Portal and change it directly.
Note: If you change your password using the Workspace ONE Access User Portal, please document your new password as it will not update on the TestDrive portal under "Admin Credentials" in the Workspace ONE Access tile.
For the first method, resetting your TestDrive password, start by navigating to the TestDrive portal. Open the dropdown menu in the top right and select 'Change Password'.
For the second method, navigate to the Workspace ONE Access User Portal and open the Tenant Admin dropdown and click Settings.
From the Account section, you can click the "Change" link next to Password to initiate the process.
For more information on the features of Workspace ONE Access, refer to the full product documentation hosted at https://docs.vmware.com/en/VMware-Workspace-ONE-Access/index.html