To use the Workspace ONE Intelligence features such as data settings and risk score in Unified Access Gateway, a connection setting must be created on Unified Access Gateway. A connection setting can be used for sending Unified Access Gateway-specific or edge-services related data to Workspace ONE Intelligence or for gathering risk score-related information from Workspace ONE Intelligence as part of the endpoint compliance check.

Any number of Workspace ONE Intelligence connection settings can be configured. The same connection setting can be used across multiple use cases (risk score and data setting). Note that for each use case, only one connection setting can be used at a time. For example: to change the connection used for the Workspace ONE Intelligence risk score provider, you must edit the provider settings and select another connection.

The Workspace ONE Intelligence credentials file is a JSON file containing Workspace ONE Intelligence URL, access token endpoint URL, client ID, and client secret for authorizing Unified Access Gateway to communicate with Workspace ONE Intelligence. You can download this file from the Unified Access Gateway integrations page on the Workspace ONE Intelligence console.

Prerequisites

  • You must have already registered the Unified Access Gateway widget on Workspace ONE Intelligence.
  • You must have already downloaded the credentials file from Workspace ONE Intelligence and saved this file on a computer which you can access.
To integrate Unified Access Gateway in Workspace ONE Intelligence and download the credentials file, see the Integrations in Workspace ONE Intelligence and Register VMware Unified Access Gateway sections in the VMware Workspace ONE Intelligence Products documentation.

Procedure

  1. In the Configure Manually section of the Unified Access Gateway Admin console, click Select.
  2. In Advanced Settings, click the Workspace ONE Intelligence Connection Settings gearbox icon.
  3. To configure the settings for a connection, click Add.

    Ensure that Unified Access Gateway is able to reach the Workspace ONE Intelligence endpoint hosts present in the uploaded credentials JSON file.

  4. Configure the following Workspace ONE Intelligence settings :
    Option Description
    Name Name of the Workspace ONE Intelligence connection setting.

    Every connection setting must have a unique name.

    Workspace ONE Intelligence URL Thumbprints Enter the list of Workspace ONE Intelligence URL thumbprints.

    If you do not provide a list of thumbprints, ensure that the server certificates are issued by a trusted CA. Enter the hexadecimal thumbprint digits.

    For example, sha1= C3 89 A2 19 DC 7A 48 2B 85 1C 81 EC 5E 8F 6A 3C 33 F2 95 C3.

    Note: This UI option can be used when the connection to Workspace ONE Intelligence is through a TLS reverse proxy or a security appliance that presents a TLS server certificate, which is not issued by a trusted CA.
    Trusted Certificates Select the trusted certificate files in PEM format, to be added to the trust store.

    By default, the alias name is the filename of the PEM certificate. To give a different name, edit the alias text box.

    Note: This UI option can be used when the connection to Workspace ONE Intelligence is through a TLS reverse proxy or a security appliance that presents a TLS server certificate, which is not issued by a trusted CA.
  5. To upload the Workspace ONE Intelligence Credentials file, navigate to the file location and select the desired file.
  6. (Optional) After you save the file on Unified Access Gateway, to ensure that the client secret in the credentials file is secure, you can either encrypt or delete the file.

Results

The following message is displayed: Configuration is saved successfully.