So glad I found this subreddit. Can you all help me understand Workspace One ?

Hey All,

For the past 5 to 6 years.. the Organization I work in has had Airwatch (Hosted) to handle about 2,000 mobile devices (about 85% iOS and about 15% Android). I’m the lead Admin on that but (perhaps obviously from my questions below), I don’t consider myself any “guru” or “expert”. I do pretty well (I think).. but feeling really lost on “Workspace One”.

Lately there’s been some talk and discussion about expanding our capabilities (virtualization, VDI, silo’d Apps and more Security for BYOD scenarios).. and I was asked to dig into Workspace One and see if I can get it Enabled and working. However I’m having a really frustrating and difficult time wrapping my head around just what exactly Workspace One even is. (is there a Network-diagram or flowchart or some other kind of technical drawing that lays out how it’s all supposed to be implemented?)

Some questions:

* I got Workspace One enabled.. but the dashboard is blank/empty. (and doesn’t give me any clear indication as to what to do next). So what DO I do next?.. There seems to be no guide-posts or breadcrumbs of any kind for me to follow.

* There’s no Users. Where do those come from ?.. Do I still need Identity Manager? (or can Workspace One integrate directly to Active Directory somehow?.. if it can, how do I know if that’s something I need to do or not ?

* When I enabled Workspace One.. it updated/changed my Airwatch “Intelligent Hub” (how it looks).. I wasn’t expecting that. Why did that happen?..

I see a lot of KB articles talking about interesting Features (Single Sign On, Syncing AD Passwords, building Silos of Apps,etc).. all of which sound incredibly awesome. How do I get there ?… I feel like I’m blindfolded in a dark forest and hearing noises around me and no way of understanding which direction to go or what to do.

To add an extra layer of confusion on top of the cake,. the Server side of our Dept seems to already use a lot of VMWare stuff (ESXI, VSphere, etc). .and I found out this morning they have their own instance of Workspace One with Identity Manager already spun up and working (being used for what? — I have no idea).

Help ?..

View Reddit by jmnugentView Source


To see the full content, share this page by clicking one of the buttons below

Related Articles


  1. Are you familiar with VMware’s Hands On Labs ([https://labs.hol.vmware.com](https://labs.hol.vmware.com)) ? If you don’t already have a free account, create one, login and search “Workspace ONE” and you will find several labs that will walk you through some of the different use cases.

  2. In short, Workspace ONE is a platform made up of four products:

    1. Workspace ONE UEM (rebranded AirWatch)
    2. Workspace ONE Access (rebranded IDM)
    3. VMware Horizon
    4. Workspace ONE Intelligence

    Would be great to reach out to your VMware rep for an overview of capability, but could also start at https://techzone.vmware.com/becoming-workspace-one-hero and https://portal.vmtestdrive.com for hands-on.

    To answer your question about IDM for SDDC – good chance your counterparts are using vIDM for vRealize and/or NSX AuthN. No worries, this plays nicely with Workspace ONE.

  3. I am not a work space person so I will let those people chime in.

    I did see this though

    >they have their own instance of Workspace One with Identity Manager already spun up and working

    Have you tried reaching out within your team for interdepartment training?

  4. So, some basic stuff.

    Counting Horizon and Intelligence (a subscription product) as separate and not “core” Workspace ONE, Workspace ONE is Identity Manager, just recently rebranded “Workspace ONE Access,” plus Workspace ONE UEM, what used to be AirWatch.

    The two pieces work together and integrate with other pieces as well. For just offering apps from a catalog on various devices, you only need to deploy Identity Manager (vIDM) and some sort of gateway or reverse proxy into your environment from outside. Think UAG.

    vIDM (Access) integrates with identity providers such as active directory and various catalog providers, the principal one being Horizon.

    UEM provides provisioning and “modern management” for mobile and Windows 10 devices. Modern management is seen as a replacement for domain-based management currently done in the corporate environment by SCCM. Dell now sells machines to corporate accounts that have the modern management driver(s) pre-installed with Windows.

    Skipping ahead… What you’re going to need to do first is set up a connection to Active Directory. There are instructions to do so in the Identity Manager Installation docs.

    Next you’re going to have to set up a connection, probably to a Horizon instance (Connection Server). The desktops that Horizon offers and any RDSH apps as well, will come across to the Workspace ONE catalog.

    You can also add Web Apps to the catalog. Those are primarily cloud-based apps that use SAML 2.0 for authentication. It turns out many of these are banned and blocked by many large enterprises. Examples of some that aren’t usually blocked: Office 365, Google Drive, ServiceNOW. Examples of some that may be blocked: DropBox, Google Drive, OneDrive, etc.

    You can also add Websites if they support the limited authentication methods that Workspace ONE is built to use.

    Lastly, you entitle users (or, better, domain groups) to the various desktops, applications, Web Apps, etc. (Users must be entitled in Horizon as well.)

    There is a Citrix connector (good luck with that) to add Citrix apps to the catalog. (Citrix Receiver still required on the client.)

    Read up and play. Workspace ONE can tie together apps from multiple places into a single catalog. Clients are available for most platforms, so you can, in theory, “run” Excel or Outlook on your iPhone. You can also tie together multiple Horizon pods from multiple sources or locations.

    Good luck with it.

Leave a Reply