Preparing for the Integration

Make some preparations on the VMware Workspace ONE UEM console before the integration.

The integration between Mobile Security and VMware Workspace ONE UEM uses REST APIs over HTTPS to transfer data. The REST APIs require authentication to integrate with Workspace ONE UEM. Prior to authentication, API access must be enabled on the Workspace ONE UEM console.

To integrate Mobile Security with Workspace ONE UEM, you also need to have an account with required permissions for the communication between Mobile Security and Workspace ONE UEM.


Workspace ONE UEM integration is associated with organization groups. Once the integration is completed, only administrator accounts from your organization group have permission to change the integration settings.

  1. Enable API access on the VMware Workspace ONE UEM console.
    1. Go to GROUPS & SETTINGS > All Settings.
    2. On the Settings screen, go to System > Advanced > API > REST API.
    3. On the General tab, select ENABLED for Enable API Access.

      Enabling API access automatically generates an API key for the organization group, which is necessary for API authentication.

    4. On the Authentication tab, select ENABLED for Basic.

      Mobile Security does not support certificate-based or directory-based API authentication.

      APIs get authenticated using basic account credentials (user name and password).

  2. Create an account with the required API permissions.

    You can either add an account with the Console Administrator role, or add an account with a custom role that has been granted minimum required permissions.


    The Console Administrator role allows comprehensive access in the console. With this role, you do not need to assign the role any new permissions required by new features released in the future.

    A custom role with minimum required permissions offers better security. However, custom roles must be manually maintained over time and updated with new features.

    • To add an account with the Console Administrator role, perform the following steps:

      1. On the VMware Workspace ONE UEM console, go to ACCOUNTS > Administrators > List View.

      2. Select Add and then Add Admin.

      3. On the Add Admin screen, select Basic and click Next.

      4. On the Definition tab, specify all required fields including username, password, first name, last name, and email address and click Next.

      5. On the Roles tab, select your organization group and select Console Administrator from the Role drop-down list, and click Next.

      6. On the Details and Settings tabs, specify additional information if necessary, and click Save.

    • To add an account with a custom role granted minimum required permissions, perform the following steps:

      1. On the VMware Workspace ONE UEM console, go to ACCOUNTS > Administrators > Roles.

      2. On the Roles screen, click ADD ROLE, and create a custom administrator role and grant minimum required permissions to the role.


        To quickly assign all required permissions to the categories falling under Accounts, click the circular icon to the right of these categories and select Read under Choose Edit Mode.

        Table 1. Minimum permissions required to complete the integration



        Read Edit
        Accounts > Administrators > Admin Groups





        Accounts > Users > Accounts

        Add Device


        Batch Import






        User Detail




        Accounts > Users > User Groups





        API > REST








        Apps & Books

        Application Publish

        Public Apps

        Purchased Applications

        Device Management > Device Details

        Enterprise Wipe



        Settings > System



      3. Go to ACCOUNTS > Administrators > List View, and add an account with the newly created role.