Preparing for the Integration

Complete the following preparations on the VMware Workspace ONE UEM console before starting the integration.

The integration between Mobile Security and VMware Workspace ONE UEM uses REST APIs over HTTPS to transfer data. The REST APIs require authentication to integrate with Workspace ONE UEM. Prior to authentication, API access must be enabled on the Workspace ONE UEM console.

To integrate Mobile Security with Workspace ONE UEM, you also need an account with the required permissions for communication between Mobile Security and Workspace ONE UEM.

Important:

Workspace ONE UEM integration is associated with organization groups. Once the integration is completed, only administrator accounts from your organization group have permission to change the integration settings.

  1. Enable API access on the VMware Workspace ONE UEM console.
    1. Go to GROUPS & SETTINGS > All Settings.
    2. On the Settings screen, go to System > Advanced > API > REST API.
    3. On the General tab, select ENABLED for Enable API Access.

      Enabling API access automatically generates an API key for the organization group, which is necessary for API authentication.

    4. On the Authentication tab, select ENABLED for Basic.
      Note:

      Mobile Security does not support certificate-based or directory-based API authentication.

      API requests are authenticated using basic account credentials (user name and password).

  2. Create an account with the required API permissions.

    You can either add an account with the Console Administrator role, or add an account with a custom role that has been granted minimum required permissions.

    Note:

    The Console Administrator role allows comprehensive access in the console. With this role, you do not need to assign new permissions when features released in the future require them.

    A custom role with minimum required permissions offers better security. However, custom roles must be manually maintained over time and updated as new features are released.

    • To add an account with the Console Administrator role, perform the following steps:

      1. On the VMware Workspace ONE UEM console, go to ACCOUNTS > Administrators > List View.

      2. Select Add and then Add Admin.

      3. On the Add Admin screen, select Basic and click Next.

      4. On the Definition tab, specify all required fields including username, password, first name, last name, and email address and click Next.

      5. On the Roles tab, select your organization group and select Console Administrator from the Role drop-down list, and click Next.

      6. On the Details and Settings tabs, specify additional information if necessary, and click Save.

    • To add an account with a custom role granted minimum required permissions, perform the following steps:

      1. On the VMware Workspace ONE UEM console, go to ACCOUNTS > Administrators > Roles.

      2. On the Roles screen, click ADD ROLE, create a custom administrator role, and grant the minimum required permissions to the role.

        Tip:

        To quickly assign all required permissions to the categories falling under Accounts, click the circular icon to the right of these categories and select Read under Choose Edit Mode.

        Table 1. Minimum permissions required to complete the integration

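        | Category | Name | Read | Edit |
        |---|---|---|---|
        | Accounts > Administrators > Admin Groups | Members | | |
        | | View | | |
        | Accounts > Users > Accounts | Add Device | | |
        | | Batch Import | | |
        | | Migration | | |
        | | Search | | |
        | | User Detail | | |
        | | View | | |
        | Accounts > Users > User Groups | Members | | |
        | | View | | |
        | API > REST | Admins | | |
        | | Apps | | |
        | | Devices | | |
        | | Groups | | |
        | | Users | | |
        | Apps & Books | Application Publish | | |
        | | Public Apps | | |
        | | Purchased Applications | | |
        | Device Management > Device Details | Enterprise Wipe | | |
        | | Lock | | |
        | Settings > System | General | | |
        | | View | | |
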
      3. Go to ACCOUNTS > Administrators > List View, and add an account with the newly created role.
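
After both steps are complete, the new account and API key can be checked from a workstation before they are entered in Mobile Security. The following Python sketch is an added example, not part of the product documentation. It assumes the Workspace ONE UEM REST API accepts the API key in the `aw-tenant-code` header alongside Basic credentials, and that `/API/system/info` is available as a read-only probe; the host name, account name and key are constructed placeholders.

```python
import base64
import urllib.error
import urllib.request
from urllib.parse import urlsplit

# Assumption: read-only endpoint used only as a probe; substitute any
# endpoint the integration account is allowed to read.
PROBE_PATH = "/API/system/info"


def build_probe_request(base_url, username, password, api_key):
    """Build the authenticated probe request without sending it."""
    parts = urlsplit(base_url)
    # Basic credentials are only base64-encoded, so refuse anything but HTTPS.
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError("base URL must be an https:// URL")
    # A colon in the user name would make the Basic pair ambiguous.
    if ":" in username:
        raise ValueError("user name must not contain ':'")
    # Rebuild the host from hostname/port so embedded user:pass@ is dropped.
    host = parts.hostname + (f":{parts.port}" if parts.port else "")
    pair = f"{username}:{password}".encode("utf-8")
    req = urllib.request.Request(f"https://{host}{PROBE_PATH}", method="GET")
    req.add_header("Authorization", "Basic " + base64.b64encode(pair).decode("ascii"))
    req.add_header("aw-tenant-code", api_key)  # API key of the organization group
    req.add_header("Accept", "application/json")
    return req


def interpret_status(status):
    """Map an HTTP status to the console setting to re-check (general HTTP semantics)."""
    if status == 200:
        return "ok: API access, Basic authentication and the account all work"
    if status == 401:
        return "rejected: check user name, password, API key, and that Basic is ENABLED"
    if status == 403:
        return "authenticated, but the account role lacks the required permission"
    return f"unexpected status {status}: check the console URL and Enable API Access"


def check_api_access(base_url, username, password, api_key, timeout=10):
    """Send the probe with default TLS certificate verification."""
    req = build_probe_request(base_url, username, password, api_key)
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return interpret_status(resp.status)
    except urllib.error.HTTPError as err:
        return interpret_status(err.code)
```

Call `check_api_access("https://uem.example.test", "svc_mobilesec", password, api_key)` with your own console URL and read the password from a prompt or secret store rather than the command line.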